Iccdev
CVE-2026-34539
MEDIUM
Severity by source
AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
2DescriptionGitHub Advisory
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile and TIFF input can trigger a heap-buffer-overflow (HBO) in CTiffImg::WriteLine(). The issue is observable under AddressSanitizer as an out-of-bounds heap read when running iccSpecSepToTiff on a malicious .icc + .tif pair, leading to a crash during TIFF strip writing. This issue has been patched in version 2.3.1.6.
AnalysisAI
Heap buffer overflow in iccDEV's CTiffImg::WriteLine() function allows local attackers to crash the iccSpecSepToTiff tool via specially crafted ICC color profile and TIFF file pairs. Versions prior to 2.3.1.6 are vulnerable; the attack requires no authentication or user interaction beyond processing a malicious file. While the current impact is limited to denial of service, heap overflows can potentially enable memory corruption exploitation depending on heap layout and attacker sophistication.
Technical ContextAI
iccDEV is the International Color Consortium's reference implementation library for ICC color management profiles, including tools like iccSpecSepToTiff that convert ICC profiles to TIFF format. The vulnerability resides in the CTiffImg::WriteLine() function, which writes image data to TIFF strips during format conversion. The root cause is a heap buffer overflow (CWE-122: Heap-based Buffer Overflow), triggered when processing a malicious ICC profile paired with a crafted TIFF file. The out-of-bounds heap read occurs during strip writing, indicating insufficient bounds checking when the converter processes variable-length color data or strip dimensions from untrusted ICC/TIFF sources. This is a local attack vector requiring the victim to process attacker-supplied files on their system.
RemediationAI
Vendor-released patch: iccDEV version 2.3.1.6 or later. Users should upgrade to version 2.3.1.6 immediately, which contains the fix merged via GitHub PR #686. For environments unable to upgrade immediately, avoid processing ICC and TIFF files from untrusted sources, and consider implementing file validation or sandboxing of iccSpecSepToTiff in automated workflows. Additional details and the patch commit are available at https://github.com/InternationalColorConsortium/iccDEV/pull/686 and https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-4f3j-q8mm-5hr6.
iccDEV ICC color profile library (through 2.3.1) has a use-after-free in CIccXform::Create() when processing hint object
Heap buffer overflow in iccDEV versions 2.3.1.1 and below allows remote code execution through maliciously crafted ICC c
Heap buffer overflow in iccDEV versions 2.3.1.1 and below allows remote code execution when processing maliciously craft
Heap buffer overflow in iccDEV versions 2.3.1.1 and earlier allows remote code execution through maliciously crafted ICC
Type confusion in iccDEV library versions before 2.3.1.2 allows unauthenticated attackers to achieve remote code executi
iccDEV color management library versions 2.3.1 and earlier contain undefined behavior in the CLUT initialization functio
iccDEV ICC color profile libraries versions 2.3.1.1 and earlier suffer from undefined behavior and out-of-memory errors
Heap buffer overflow in iccDEV versions before 2.3.1.2 allows remote code execution when processing malicious ICC color
Type confusion in iccDEV versions before 2.3.1.2 allows attackers to corrupt memory and achieve high-impact outcomes inc
Type confusion in iccDEV versions before 2.3.1.2 allows unauthenticated attackers to achieve remote code execution throu
Heap buffer overflow in iccDEV versions before 2.3.1.2 allows remote code execution when processing malicious ICC color
Heap buffer overflow in iccDEV versions prior to 2.3.1.2 allows remote attackers to execute arbitrary code through the C
Same weakness CWE-122 – Heap-based Buffer Overflow
View allSame technique Heap Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today