Iccdev
CVE-2026-34534
MEDIUM
Severity by source
AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
2DescriptionGitHub Advisory
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile can trigger a heap-buffer-overflow (HBO) in CIccMpeSpectralMatrix::Describe(). The issue is observable under AddressSanitizer as an out-of-bounds heap read when running iccDumpProfile on a malicious profile. This issue has been patched in version 2.3.1.6.
AnalysisAI
Heap buffer overflow in iccDEV prior to version 2.3.1.6 allows local attackers to trigger a denial of service via a malicious ICC color profile, causing out-of-bounds heap reads in the CIccMpeSpectralMatrix::Describe() function when processing profiles with iccDumpProfile. The vulnerability requires local file access but no user interaction or authentication, with confirmed patch availability in version 2.3.1.6.
Technical ContextAI
iccDEV is a C++ library and toolset for parsing and manipulating ICC color management profiles, which are widely used in image processing workflows. The vulnerability stems from a heap buffer overflow (CWE-122: Heap-based Buffer Overflow) in the CIccMpeSpectralMatrix::Describe() method, specifically an out-of-bounds heap read triggered when processing spectral matrix data structures within a crafted ICC profile. ICC profiles are binary format files that can be embedded in images or distributed separately; the flaw manifests when the iccDumpProfile utility attempts to describe or parse the spectral matrix component of a malicious profile. The root cause is improper bounds checking on heap-allocated buffers used to store spectral matrix element data, allowing an attacker-controlled ICC profile to specify dimensions or offsets that exceed allocated memory regions.
RemediationAI
Update iccDEV to version 2.3.1.6 or later, which contains the patched CIccMpeSpectralMatrix::Describe() method with corrected bounds checking. For systems unable to update immediately, restrict access to the iccDumpProfile utility to trusted internal use only and avoid processing ICC profiles from untrusted or external sources. Developers integrating iccDEV should review GitHub issue #665 and pull request #682 (referenced in the official security advisory GHSA-7x9w-g476-wcc2) to understand the specific code fix and validate their dependency chains. Complete patch details and advisory information are available at https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-7x9w-g476-wcc2.
iccDEV ICC color profile library (through 2.3.1) has a use-after-free in CIccXform::Create() when processing hint object
Heap buffer overflow in iccDEV versions 2.3.1.1 and below allows remote code execution through maliciously crafted ICC c
Heap buffer overflow in iccDEV versions 2.3.1.1 and below allows remote code execution when processing maliciously craft
Heap buffer overflow in iccDEV versions 2.3.1.1 and earlier allows remote code execution through maliciously crafted ICC
Type confusion in iccDEV library versions before 2.3.1.2 allows unauthenticated attackers to achieve remote code executi
iccDEV color management library versions 2.3.1 and earlier contain undefined behavior in the CLUT initialization functio
iccDEV ICC color profile libraries versions 2.3.1.1 and earlier suffer from undefined behavior and out-of-memory errors
Heap buffer overflow in iccDEV versions before 2.3.1.2 allows remote code execution when processing malicious ICC color
Type confusion in iccDEV versions before 2.3.1.2 allows attackers to corrupt memory and achieve high-impact outcomes inc
Type confusion in iccDEV versions before 2.3.1.2 allows unauthenticated attackers to achieve remote code execution throu
Heap buffer overflow in iccDEV versions before 2.3.1.2 allows remote code execution when processing malicious ICC color
Heap buffer overflow in iccDEV versions prior to 2.3.1.2 allows remote attackers to execute arbitrary code through the C
Same weakness CWE-122 – Heap-based Buffer Overflow
View allSame technique Heap Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today