Iccdev
CVE-2026-34540
MEDIUM
Severity by source
AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
2DescriptionGitHub Advisory
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile can trigger a heap-buffer-overflow (HBO) in icMemDump() when iccDumpProfile attempts to dump/describe malformed tag contents. The issue is observable under AddressSanitizer as an out-of-bounds heap read in icMemDump(...) at IccProfLib/IccUtil.cpp:1002, reachable via CIccTagUnknown::Describe(). This issue has been patched in version 2.3.1.6.
AnalysisAI
Heap buffer overflow in iccDEV prior to version 2.3.1.6 allows denial of service via a crafted ICC color profile that triggers out-of-bounds heap read in icMemDump() when iccDumpProfile processes malformed tag contents. The vulnerability affects local attackers without authentication or user interaction, though the practical attack surface depends on how iccDumpProfile is invoked in consuming applications. No public exploit code or active exploitation has been identified; the issue was discovered through code analysis and AddressSanitizer instrumentation.
Technical ContextAI
iccDEV is a library suite for ICC color profile manipulation that parses and describes ICC color management profiles used in image processing pipelines. The vulnerability resides in the IccProfLib/IccUtil.cpp file at line 1002 within the icMemDump() function, which is called during profile dumping via CIccTagUnknown::Describe() when encountering unknown or malformed tag structures. The root cause is improper bounds checking on heap-allocated buffers (CWE-122: Heap-based Buffer Overflow) when reading tag content without validating the declared tag length against actual allocated memory. This allows a specially crafted ICC profile with malformed tag metadata to cause the buffer read operation to access memory beyond the intended heap allocation, triggering a crash or potential information disclosure depending on adjacent memory contents.
RemediationAI
Vendor-released patch: iccDEV 2.3.1.6. Applications using iccDEV must update to version 2.3.1.6 or later, which includes the fix to add proper bounds checking in the icMemDump() function when processing unknown tags. For projects using iccDEV as a dependency (via package managers or source inclusion), update the dependency version constraint to >=2.3.1.6. If immediate patching is not feasible, restrict processing of ICC profiles to trusted, internally-vetted sources and avoid exposing iccDumpProfile or profile-reading functionality to untrusted input sources. Detailed patch information and changes are available in the upstream pull request at https://github.com/InternationalColorConsortium/iccDEV/pull/689, and the original vulnerability report is documented at https://github.com/InternationalColorConsortium/iccDEV/issues/674.
iccDEV ICC color profile library (through 2.3.1) has a use-after-free in CIccXform::Create() when processing hint object
Heap buffer overflow in iccDEV versions 2.3.1.1 and below allows remote code execution through maliciously crafted ICC c
Heap buffer overflow in iccDEV versions 2.3.1.1 and below allows remote code execution when processing maliciously craft
Heap buffer overflow in iccDEV versions 2.3.1.1 and earlier allows remote code execution through maliciously crafted ICC
Type confusion in iccDEV library versions before 2.3.1.2 allows unauthenticated attackers to achieve remote code executi
iccDEV color management library versions 2.3.1 and earlier contain undefined behavior in the CLUT initialization functio
iccDEV ICC color profile libraries versions 2.3.1.1 and earlier suffer from undefined behavior and out-of-memory errors
Heap buffer overflow in iccDEV versions before 2.3.1.2 allows remote code execution when processing malicious ICC color
Type confusion in iccDEV versions before 2.3.1.2 allows attackers to corrupt memory and achieve high-impact outcomes inc
Type confusion in iccDEV versions before 2.3.1.2 allows unauthenticated attackers to achieve remote code execution throu
Heap buffer overflow in iccDEV versions before 2.3.1.2 allows remote code execution when processing malicious ICC color
Heap buffer overflow in iccDEV versions prior to 2.3.1.2 allows remote attackers to execute arbitrary code through the C
Same weakness CWE-122 – Heap-based Buffer Overflow
View allSame technique Heap Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today