Security Advisory

CVE-2026-34535

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-03-31 21:58:17

Last updated 2026-04-01 13:33:37

Assigner GitHub_M

State PUBLISHED

Description

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile can trigger a segmentation fault (SEGV) in CIccTagArray::Cleanup(). The issue is observable under UBSan/ASan as misaligned member access / misaligned pointer loads followed by an invalid read leading to process crash when running iccRoundTrip on a malicious profile. This issue has been patched in version 2.3.1.6.

← Browse all CVEs View on cve.org ↗