CVE-2026-34533

MEDIUM

2026-03-31 [email protected]

6.2

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 31, 2026 - 22:22 vuln.today

CVE Published

Mar 31, 2026 - 22:16 nvd

MEDIUM 6.2

Description

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile can trigger Undefined Behavior (UB) in CIccCalculatorFunc::ApplySequence() due to invalid enum values being loaded for icChannelFuncSignature. The issue is observable under UBSan as a “load of value … not a valid value for type icChannelFuncSignature”, indicating a type/enum value confusion scenario during ICC profile processing. This issue has been patched in version 2.3.1.6.

Analysis

Undefined Behavior in iccDEV prior to version 2.3.1.6 allows local attackers to cause a denial of service by supplying a crafted ICC color profile containing invalid enum values for icChannelFuncSignature, which triggers an application crash during profile processing in CIccCalculatorFunc::ApplySequence(). The vulnerability requires local file access or the ability to provide a malicious ICC profile to an application using the library; no public exploit code has been identified.

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +31

POC: 0

CVE-2026-34533 vulnerability details – vuln.today

Back

CVE-2026-34533

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Analysis

Full analysis requires sign-in

Priority Score

Share

CVE-2026-34533

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Full analysis requires sign-in

Priority Score

Share

External POC / Exploit Code