PT-2026-5226

Name of the Vulnerable Software and Affected Versions iccDEV versions prior to 2.3.1.2 Description iccDEV is a set of libraries and tools for interacting with ICC color management profiles. A flaw exists in versions prior to 2.3.1.2 where undefined behavior occurs during the conversion of...

CVE-2026-24412

iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have aHeap Buffer Overflow vulnerability in the CIccTagXmlSegmentedCurve::ToXml function. This occurs when user-controllable input is unsafely incorporate...

CVE-2026-24403

iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. In versions 2.3.1.1 and below, an integer overflow vulnerability exists in icValidateStatus CIccProfile::CheckHeader when user-controllable input is incorporated into profile data...

CVE-2026-24406

iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have a Heap Buffer Overflow vulnerability in CIccTagNamedColor2::SetSize. This occurs when user-controllable input is unsafely incorporated into ICC profi...

CVE-2026-24411

iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have Undefined Behavior in CIccTagXmlSegmentedCurve::ToXml. This occurs when user-controllable input is unsafely incorporated into ICC profile data or oth...

CVE-2026-24412

CVE-2026-24412 affects iccDEV libraries for ICC color profiles. Versions 2.3.1.1 and earlier contain a heap buffer overflow in the internal function CIccTagXmlSegmentedCurve::ToXml() when user-controlled input is unsafely embedded in ICC profile data or other binary blobs. This can lead to DoS, d...

CVE-2026-24412 iccDEV has Heap Buffer Overflow in icCurvesFromXml()

iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have aHeap Buffer Overflow vulnerability in the CIccTagXmlSegmentedCurve::ToXml function. This occurs when user-controllable input is unsafely incorporate...

CVE-2026-24412 iccDEV has Heap Buffer Overflow in icCurvesFromXml()

iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have aHeap Buffer Overflow vulnerability in the CIccTagXmlSegmentedCurve::ToXml function. This occurs when user-controllable input is unsafely incorporate...

CVE-2026-24411 iccDEV has Undefined Behavior and Null Pointer Deference in CIccTagXmlSegmentedCurve::ToXml()

iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have Undefined Behavior in CIccTagXmlSegmentedCurve::ToXml. This occurs when user-controllable input is unsafely incorporated into ICC profile data or oth...

CVE-2026-24411 iccDEV has Undefined Behavior and Null Pointer Deference in CIccTagXmlSegmentedCurve::ToXml()

iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have Undefined Behavior in CIccTagXmlSegmentedCurve::ToXml. This occurs when user-controllable input is unsafely incorporated into ICC profile data or oth...

CVE-2026-24411 iccDEV has Undefined Behavior and Null Pointer Deference in CIccTagXmlSegmentedCurve::ToXml()

iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have Undefined Behavior in CIccTagXmlSegmentedCurve::ToXml. This occurs when user-controllable input is unsafely incorporated into ICC profile data or oth...

CVE-2026-24406

iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have a Heap Buffer Overflow vulnerability in CIccTagNamedColor2::SetSize. This occurs when user-controllable input is unsafely incorporated into ICC profi...

CVE-2026-24403

iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. In versions 2.3.1.1 and below, an integer overflow vulnerability exists in icValidateStatus CIccProfile::CheckHeader when user-controllable input is incorporated into profile data...

CVE-2026-24405

iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have a Heap Buffer Overflow vulnerability in CIccMpeCalculator::Read. This occurs when user-controllable input is unsafely incorporated into ICC profile...

CVE-2026-24410

Affected software: iccDEV. Vulnerable version(s): 2.3.1.1 and earlier. Root cause: Undefined Behavior and Null Pointer Deference in CIccProfileXml::ParseBasic() when user‑controllable input is unsafe in ICC profile data or related binary blobs. Impact (as stated): DoS, data manipulation, bypass o...

CVE-2026-24410 iccDEV has Undefined Behavior and Null Pointer Deference in CIccProfileXml::ParseBasic()

iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have Undefined Behavior and Null Pointer Deference in CIccProfileXml::ParseBasic. This occurs when user-controllable input is unsafely incorporated into I...

EUVD-2026-4606

iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have Undefined Behavior and Null Pointer Deference in CIccTagXmlFloatNum::ParseXml. This occurs when user-controllable input is unsafely incorporated into...

CVE-2026-24409 iccDEV has Undefined Behavior and Null Pointer Deference in CIccTagXmlFloatNum<>::ParseXml()

iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have Undefined Behavior and Null Pointer Deference in CIccTagXmlFloatNum::ParseXml. This occurs when user-controllable input is unsafely incorporated into...

CVE-2026-24409 iccDEV has Undefined Behavior and Null Pointer Deference in CIccTagXmlFloatNum<>::ParseXml()

iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have Undefined Behavior and Null Pointer Deference in CIccTagXmlFloatNum::ParseXml. This occurs when user-controllable input is unsafely incorporated into...

CVE-2026-24407 iccDEV has Undefined Behavior in icSigCalcOp()

iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have Undefined Behavior in icSigCalcOp. This occurs when user-controllable input is unsafely incorporated into ICC profile data or other structured binary...