Security Advisory

CVE-2026-34534

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-03-31 21:57:17

Last updated 2026-04-01 15:52:51

Assigner GitHub_M

State PUBLISHED

Description

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile can trigger a heap-buffer-overflow (HBO) in CIccMpeSpectralMatrix::Describe(). The issue is observable under AddressSanitizer as an out-of-bounds heap read when running iccDumpProfile on a malicious profile. This issue has been patched in version 2.3.1.6.

← Browse all CVEs View on cve.org ↗