CVE-2026-34548

{"id": "CVE-2026-34548", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.2, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.5}]}, "published": "2026-03-31T23:17:09.607", "references": [{"url": "https://github.com/InternationalColorConsortium/iccDEV/issues/722", "source": "security-advisories@github.com"}, {"url": "https://github.com/InternationalColorConsortium/iccDEV/pull/725", "source": "security-advisories@github.com"}, {"url": "https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-prwp-9gv6-ccxv", "source": "security-advisories@github.com"}], "vulnStatus": "Undergoing Analysis", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-681"}]}], "descriptions": [{"lang": "en", "value": "iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, there is an Undefined Behavior (UB) condition in the XML conversion tooling path (iccToXml) caused by an implicit conversion from a negative signed integer to icUInt32Number (unsigned 32-bit), which changes the value. This issue has been patched in version 2.3.1.6."}], "lastModified": "2026-04-01T14:23:37.727", "sourceIdentifier": "security-advisories@github.com"}