CVE-2026-34533

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile can trigger Undefined Behavior (UB) in CIccCalculatorFunc::ApplySequence() due to invalid enum values being loaded for icChannelFuncSignature. The issue is observable under UBSan as a “load of value … not a valid value for type icChannelFuncSignature”, indicating a type/enum value confusion scenario during ICC profile processing. This issue has been patched in version 2.3.1.6.

CVSS v3 6.2 MEDIUM

6.2^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.5 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/InternationalColorConsortium/iccDEV/issues/664	Issue Tracking Exploit
https://github.com/InternationalColorConsortium/iccDEV/pull/681	Issue Tracking Patch
https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-8jj3-77m7-c3pq	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:color:iccdev:*:*:*:*:*:*:*:*

History

20 Apr 2026, 13:48

Type	Values Removed	Values Added
Summary		(es) iccDEV proporciona un conjunto de bibliotecas y herramientas para trabajar con perfiles de gestión de color ICC. Antes de la versión 2.3.1.6, un perfil ICC manipulado puede desencadenar Comportamiento Indefinido (UB) en CIccCalculatorFunc::ApplySequence() debido a la carga de valores de enumeración (enum) no válidos para icChannelFuncSignature. El problema es observable bajo UBSan como una 'carga de valor... no es un valor válido para el tipo icChannelFuncSignature', lo que indica un escenario de confusión de valores de tipo/enumeración (enum) durante el procesamiento de perfiles ICC. Este problema ha sido parcheado en la versión 2.3.1.6.
References	~~() https://github.com/InternationalColorConsortium/iccDEV/issues/664 -~~	() https://github.com/InternationalColorConsortium/iccDEV/issues/664 - Issue Tracking, Exploit
References	~~() https://github.com/InternationalColorConsortium/iccDEV/pull/681 -~~	() https://github.com/InternationalColorConsortium/iccDEV/pull/681 - Issue Tracking, Patch
References	~~() https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-8jj3-77m7-c3pq -~~	() https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-8jj3-77m7-c3pq - Patch, Vendor Advisory
CPE		cpe:2.3:a:color:iccdev::::::::
First Time		Color Color iccdev

31 Mar 2026, 22:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-03-31 22:16

Updated : 2026-04-20 13:48

NVD link : CVE-2026-34533

Mitre link : CVE-2026-34533

CVE.ORG link : CVE-2026-34533

JSON object : View

Products Affected

color

iccdev

CWE

CWE-758

Reliance on Undefined, Unspecified, or Implementation-Defined Behavior

6.2 /10