CVE-2026-34533

Affected software: iccDEV libraries/tools for ICC color management profiles. Issue: Before version 2.3.1.6, processing a crafted ICC profile can trigger Undefined Behavior in CIccCalculatorFunc::ApplySequence due to invalid enum values loaded for icChannelFuncSignature (UBSan shows a load of valu...

CVE-2026-25585 iccDEV vulnerable to OOB in CIccXform3DLut::Apply()

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.3, there is a vulnerability IccCmm.cpp:5793 when reading through index during ICC profile processing. The malformed ICC profile...

CVE-2026-22861 iccDEV has a heap-buffer-overflow in SIccCalcOp::Describe() at IccProfLib/IccMpeCalc.cpp

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium ICC color management profiles. Prior to 2.3.1.2, There is a heap-based buffer overflow in SIccCalcOp::Describe at IccProfLib/IccMpeCalc.cpp. This...

CVE-2026-21688

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium ICC color management profiles. Versions prior to 2.3.1.2 have a Type Confusion vulnerability in SIccCalcOp::ArgsPushed at IccProfLib/IccMpeCalc.cpp. This...

EUVD-2026-1382

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium ICC color management profiles. Versions prior to 2.3.1.2 have a heap-buffer-overflow vulnerability in SIccCalcOp::Describe at IccProfLib/IccMpeCalc.cpp. Thi...

CVE-2021-30917

A memory corruption issue existed in the processing of ICC profiles. This issue was addressed with improved input validation. This issue is fixed in iOS 15.1 and iPadOS 15.1, macOS Monterey 12.0.1, iOS 14.8.1 and iPadOS 14.8.1, tvOS 15.1, watchOS 8.1, Security Update 2021-007 Catalina, macOS Big...