CVE-2026-34535

Published
View on NVD ↗
CVSS v3
6.2
MEDIUM
CVSS v2
N/A
Affected
1
PROJECT

Description

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile can trigger a segmentation fault (SEGV) in CIccTagArray::Cleanup(). The issue is observable under UBSan/ASan as misaligned member access / misaligned pointer loads followed by an invalid read leading to process crash when running iccRoundTrip on a malicious profile. This issue has been patched in version 2.3.1.6.

InternationalColorConsortium/iccDEV
InternationalColorConsortium/iccDEV
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles.
GitHubGitHub
163