What is the CVSS score of CVE-2026-34548?

CVE-2026-34548 has a CVSS 3.1 base score of 6.2 (Medium). CVSS vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. EPSS exploitation probability: 0.0%.

Iccdev CVE-2026-34548

MEDIUM

Incorrect Conversion between Numeric Types (CWE-681)

2026-03-31 GitHub_M

Information Disclosure Iccdev

6.2

CVSS 3.1 · GitHub Advisory

Severity by source

GitHub Advisory PRIMARY

6.2 MEDIUM

AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 31, 2026 - 22:32 vuln.today

CVE Published

Mar 31, 2026 - 22:09 nvd

MEDIUM 6.2

DescriptionGitHub Advisory

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, there is an Undefined Behavior (UB) condition in the XML conversion tooling path (iccToXml) caused by an implicit conversion from a negative signed integer to icUInt32Number (unsigned 32-bit), which changes the value. This issue has been patched in version 2.3.1.6.

AnalysisAI

Denial of service in iccDEV prior to version 2.3.1.6 allows local attackers to crash the iccToXml XML conversion tool via undefined behavior caused by implicit conversion of negative signed integers to unsigned 32-bit values. The vulnerability has CVSS 6.2 (medium severity) and affects all versions before the patched release; no public exploit code has been identified, but the issue is straightforward to trigger with malformed ICC color profiles containing negative integer values.

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Vulnerability AssessmentAI

Risk Assessment	The CVSS 6.2 score reflects medium severity with local attack vector (AV:L), low complexity (AC:L), no privilege requirement (PR:N), and availability impact (A:H). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	An attacker with local file system access (or via a service that processes user-supplied ICC color profiles) crafts a malformed ICC profile containing a negative signed integer in a field expected to hold an unsigned 32-bit value. When iccToXml processes this profile, the implicit type conversion triggers undefined behavior, causing the application to crash or hang, disrupting color profile processing workflows. …
Remediation	Vendor-released patch: iccDEV version 2.3.1.6 and later. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-34548 vulnerability details – vuln.today

Back

Iccdev CVE-2026-34548

Severity by source

CVSS VectorGitHub Advisory

Lifecycle Timeline

DescriptionGitHub Advisory

AnalysisAI

Unlock full vulnerability intelligence

Vulnerability AssessmentAI

Share

External POC / Exploit Code