CVE-2026-34553

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2026-34553
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, there is a defect in LUT dump/iteration logic affecting CIccCLUT::Iterate() and output produced by CIccMBB::Describe() (via CLUT dumping). This issue has been patched in version 2.3.1.6.

4.0 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.5 / Impact : 1.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://github.com/InternationalColorConsortium/iccDEV/issues/704 Issue Tracking Exploit Patch
https://github.com/InternationalColorConsortium/iccDEV/pull/737 Issue Tracking Patch
https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-5r4q-77w5-3q3h Patch Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:color:iccdev:*:*:*:*:*:*:*:*
History

20 Apr 2026, 14:36

Type Values Removed Values Added
First Time Color
Color iccdev
References () https://github.com/InternationalColorConsortium/iccDEV/issues/704 - () https://github.com/InternationalColorConsortium/iccDEV/issues/704 - Issue Tracking, Exploit, Patch
References () https://github.com/InternationalColorConsortium/iccDEV/pull/737 - () https://github.com/InternationalColorConsortium/iccDEV/pull/737 - Issue Tracking, Patch
References () https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-5r4q-77w5-3q3h - () https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-5r4q-77w5-3q3h - Patch, Vendor Advisory
CPE cpe:2.3:a:color:iccdev:*:*:*:*:*:*:*:*
Summary
  • (es) iccDEV proporciona un conjunto de bibliotecas y herramientas para trabajar con perfiles de gestión de color ICC. Antes de la versión 2.3.1.6, existe un defecto en la lógica de volcado/iteración de LUT que afecta a CIccCLUT::Iterate() y a la salida producida por CIccMBB::Describe() (mediante el volcado de CLUT). Este problema ha sido parcheado en la versión 2.3.1.6.

31 Mar 2026, 23:17

Type Values Removed Values Added
New CVE
Information

Published : 2026-03-31 23:17

Updated : 2026-04-20 14:36

NVD link : CVE-2026-34553

Mitre link : CVE-2026-34553

CVE.ORG link : CVE-2026-34553

JSON object : View

Products Affected

color

  • iccdev
CWE
CWE-562

Return of Stack Variable Address

CWE-665

Improper Initialization