SB2026012647 - Multiple vulnerabilities in iccDEV



SB2026012647 - Multiple vulnerabilities in iccDEV

Published: January 26, 2026 Updated: January 28, 2026

Security Bulletin ID SB2026012647
CSH Severity
High
Patch available
YES
Number of vulnerabilities 22
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 64% Medium 36%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 22 vulnerabilities.


1) Heap-based buffer overflow (CVE-ID: CVE-2026-24412)

CWE-ID: CWE-122 - Heap-based Buffer Overflow

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in icCurvesFromXml() function. A remote attacker can pass specially crafted data to the application, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


2) Reliance on undefined behavior (CVE-ID: CVE-2026-24403)

CWE-ID: CWE-758 - Reliance on Undefined, Unspecified, or Implementation-Defined Behavior

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to undefined behavior in icValidateStatus CIccProfile::CheckHeader(). A remote attacker can perform a denial of service (DoS) attack.


3) NULL pointer dereference (CVE-ID: CVE-2026-24404)

CWE-ID: CWE-476 - NULL Pointer Dereference

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in CIccXmlArrayType() function. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.


4) Heap-based buffer overflow (CVE-ID: CVE-2026-24405)

CWE-ID: CWE-122 - Heap-based Buffer Overflow

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in CIccMpeCalculator::Read() function. A remote attacker can pass specially crafted data to the application, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


5) Heap-based buffer overflow (CVE-ID: CVE-2026-24406)

CWE-ID: CWE-122 - Heap-based Buffer Overflow

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in CIccTagNamedColor2::SetSize() function. A remote attacker can pass specially crafted data to the application, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


6) Reliance on undefined behavior (CVE-ID: CVE-2026-24407)

CWE-ID: CWE-758 - Reliance on Undefined, Unspecified, or Implementation-Defined Behavior

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to undefined behavior in icSigCalcOp() function. A remote attacker can perform a denial of service (DoS) attack.


7) NULL pointer dereference (CVE-ID: CVE-2026-24409)

CWE-ID: CWE-476 - NULL Pointer Dereference

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in CIccTagXmlFloatNum<>::ParseXml() function. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.


8) NULL pointer dereference (CVE-ID: CVE-2026-24410)

CWE-ID: CWE-476 - NULL Pointer Dereference

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in CIccProfileXml::ParseBasic() function. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.


9) Input validation error (CVE-ID: CVE-2026-24411)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in CIccTagXmlSegmentedCurve::ToXml() function. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.


10) Heap-based buffer overflow (CVE-ID: CVE-2026-22861)

CWE-ID: CWE-122 - Heap-based Buffer Overflow

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the "SIccCalcOp::Describe()" in IccProfLib/IccMpeCalc.cpp. A remote attacker can pass specially crafted data to the application, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


11) Type Confusion (CVE-ID: CVE-2026-21693)

CWE-ID: CWE-843 - Type confusion

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a type confusion error in the "CIccSegmentedCurveXml::ToXml()" function in IccXML/IccLibXML/IccMpeXml.cpp. A remote attacker can pass specially crafted data to the application, trigger a type confusion error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


12) Type Confusion (CVE-ID: CVE-2026-21692)

CWE-ID: CWE-843 - Type confusion

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a type confusion error in the "ToXmlCurve()" function in IccXML/IccLibXML/IccMpeXml.cpp. A remote attacker can pass specially crafted data to the application, trigger a type confusion error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


13) Type Confusion (CVE-ID: CVE-2026-21691)

CWE-ID: CWE-843 - Type confusion

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a type confusion error in the CIccTag:IsTypeCompressed() function. A remote attacker can pass specially crafted data to the application, trigger a type confusion error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


14) Type Confusion (CVE-ID: N/A)

CWE-ID: CWE-843 - Type confusion

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a type confusion error in the "ToXmlCurve()" function in IccXML/IccLibXML/IccMpeXml.cpp. A remote attacker can pass specially crafted data to the application, trigger a type confusion error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


15) Type Confusion (CVE-ID: CVE-2026-21690)

CWE-ID: CWE-843 - Type confusion

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a type confusion error in the CIccTagXmlTagData::ToXml() function. A remote attacker can pass specially crafted data to the application, trigger a type confusion error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


16) Type Confusion (CVE-ID: CVE-2026-21688)

CWE-ID: CWE-843 - Type confusion

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a type confusion error in the "SIccCalcOp::ArgsPushed()" function in IccProfLib/IccMpeCalc.cpp. A remote attacker can pass specially crafted data to the application, trigger a type confusion error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


17) Heap-based buffer overflow (CVE-ID: CVE-2026-22255)

CWE-ID: CWE-122 - Heap-based Buffer Overflow

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the "CIccCLUT::Init()" function in IccProfLib/IccTagLut.cpp. A remote attacker can pass specially crafted data to the application, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


18) Type Confusion (CVE-ID: CVE-2026-21689)

CWE-ID: CWE-843 - Type confusion

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a type confusion error in the "CIccProfileXml::ParseBasic()" function in IccXML/IccLibXML/IccProfileXml.cpp. A remote attacker can pass specially crafted data to the application, trigger a type confusion error and cause a denial of service condition on the target system.


19) Heap-based buffer overflow (CVE-ID: CVE-2026-22046)

CWE-ID: CWE-122 - Heap-based Buffer Overflow

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the "CIccProfileXml::ParseBasic()" at IccXML/IccLibXML/IccProfileXml.cpp. A remote attacker can pass specially crafted data to the application, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


20) Heap-based buffer overflow (CVE-ID: CVE-2026-22047)

CWE-ID: CWE-122 - Heap-based Buffer Overflow

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the "SIccCalcOp::Describe()" function in IccProfLib/IccMpeCalc.cpp. A remote attacker can pass specially crafted data to the application, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


21) Reliance on undefined behavior (CVE-ID: CVE-2026-24856)

CWE-ID: CWE-758 - Reliance on Undefined, Unspecified, or Implementation-Defined Behavior

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to undefined behavior in icTagTypeSignature. A remote attacker can execute arbitrary code on the target system.


22) Heap-based buffer overflow (CVE-ID: CVE-2026-24852)

CWE-ID: CWE-122 - Heap-based Buffer Overflow

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in the icXmlParseTextString() function. A remote attacker can pass specially crafted data to the application, trigger a heap-based buffer overflow and cause a denial of service condition on the target system.


Remediation

Install update from vendor's website.

References