Iccdev
CVE-2026-34535
MEDIUM
Severity by source
AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
2DescriptionGitHub Advisory
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile can trigger a segmentation fault (SEGV) in CIccTagArray::Cleanup(). The issue is observable under UBSan/ASan as misaligned member access / misaligned pointer loads followed by an invalid read leading to process crash when running iccRoundTrip on a malicious profile. This issue has been patched in version 2.3.1.6.
AnalysisAI
Malformed ICC color profile files trigger a heap buffer overflow in iccDEV versions prior to 2.3.1.6, causing denial of service through segmentation fault in the CIccTagArray::Cleanup() function. Local attackers can exploit this vulnerability by crafting a malicious ICC profile that, when processed by iccRoundTrip or similar tools, crashes the application due to misaligned pointer access. No public exploit code has been identified, and this vulnerability is not confirmed as actively exploited in the wild.
Technical ContextAI
iccDEV is a standard library for reading, writing, and manipulating ICC color profiles, which are binary files used in color management across graphics applications. The vulnerability exists in the CIccTagArray::Cleanup() member function, where improper bounds checking on heap-allocated arrays permits out-of-bounds memory access. The root cause is a classic heap buffer overflow (CWE-122), specifically a misaligned member access vulnerability that manifests when UBSan/ASan instrumentation is enabled. The vulnerability occurs during the cleanup phase of tag array processing, suggesting the malicious profile exploits initialization or parsing logic that fails to validate array bounds before memory deallocation. ICC profiles are binary structures containing color transformation data; a crafted profile with oversized or malformed tag array definitions can cause the vulnerable code path to read or write beyond allocated heap memory.
RemediationAI
Vendor-released patch: iccDEV version 2.3.1.6 or later. Users should immediately upgrade to version 2.3.1.6, which includes fixes for the misaligned pointer access in CIccTagArray::Cleanup(). For organizations unable to upgrade immediately, restrict usage of iccDEV tools (particularly iccRoundTrip) to trusted ICC profile sources and avoid processing untrusted color profiles from unknown origins. The patch was merged in GitHub PR #683 and is publicly available. See https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-965q-9pp6-6vw5 for vendor advisory details.
iccDEV ICC color profile library (through 2.3.1) has a use-after-free in CIccXform::Create() when processing hint object
Heap buffer overflow in iccDEV versions 2.3.1.1 and below allows remote code execution through maliciously crafted ICC c
Heap buffer overflow in iccDEV versions 2.3.1.1 and below allows remote code execution when processing maliciously craft
Heap buffer overflow in iccDEV versions 2.3.1.1 and earlier allows remote code execution through maliciously crafted ICC
Type confusion in iccDEV library versions before 2.3.1.2 allows unauthenticated attackers to achieve remote code executi
iccDEV color management library versions 2.3.1 and earlier contain undefined behavior in the CLUT initialization functio
iccDEV ICC color profile libraries versions 2.3.1.1 and earlier suffer from undefined behavior and out-of-memory errors
Heap buffer overflow in iccDEV versions before 2.3.1.2 allows remote code execution when processing malicious ICC color
Type confusion in iccDEV versions before 2.3.1.2 allows attackers to corrupt memory and achieve high-impact outcomes inc
Type confusion in iccDEV versions before 2.3.1.2 allows unauthenticated attackers to achieve remote code execution throu
Heap buffer overflow in iccDEV versions before 2.3.1.2 allows remote code execution when processing malicious ICC color
Heap buffer overflow in iccDEV versions prior to 2.3.1.2 allows remote attackers to execute arbitrary code through the C
Same weakness CWE-122 – Heap-based Buffer Overflow
View allSame technique Heap Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today