CVE-2026-34542

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile can trigger a stack-buffer-overflow SBO in CIccCalculatorFunc::Apply when processed via iccApplyNamedCmm. Under AddressSanitizer, the failure is reported as...

CVE-2026-34551

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a null-pointer dereference NPD in CIccTagLut16::Write can be triggered when processing a crafted ICC profile embedded in a TIFF and extracted during iccTiffDump. This issue has...

CVE-2026-34556 iccDEV: HBO in icAnsiToUtf8()

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, there is a heap-buffer-overflow HBO in icAnsiToUtf8 in the XML conversion path. The issue is triggered by a crafted ICC profile which causes icAnsiToUtf8std::string&, char const ...

CVE-2026-34556 iccDEV: HBO in icAnsiToUtf8()

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, there is a heap-buffer-overflow HBO in icAnsiToUtf8 in the XML conversion path. The issue is triggered by a crafted ICC profile which causes icAnsiToUtf8std::string&, char const ...

CVE-2026-34556 iccDEV: HBO in icAnsiToUtf8()

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, there is a heap-buffer-overflow HBO in icAnsiToUtf8 in the XML conversion path. The issue is triggered by a crafted ICC profile which causes icAnsiToUtf8std::string&, char const ...

CVE-2026-34536

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile can trigger a stack overflow SO in SIccCalcOp::ArgsUsed. The issue is observable under AddressSanitizer as a stack-overflow when iccApplyProfiles processes ...

CVE-2026-34551 iccDEV: NPD in CIccTagLut16::Write()

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a null-pointer dereference NPD in CIccTagLut16::Write can be triggered when processing a crafted ICC profile embedded in a TIFF and extracted during iccTiffDump. This issue has...

CVE-2026-34551 iccDEV: NPD in CIccTagLut16::Write()

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a null-pointer dereference NPD in CIccTagLut16::Write can be triggered when processing a crafted ICC profile embedded in a TIFF and extracted during iccTiffDump. This issue has...

CVE-2026-34547

iccDEV contains an Undefined Behavior in IccUtil.cpp that can be triggered by a crafted ICC profile when running iccDumpProfile, affecting versions prior to 2.3.1.6. The issue has been patched in 2.3.1.6. Affected component/filename: IccUtil.cpp within iccDEV libraries/tools for ICC color managem...

EUVD-2026-17703

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile and TIFF input can trigger a heap-buffer-overflow HBO in CTiffImg::WriteLine. The issue is observable under AddressSanitizer as an out-of-bounds heap read...

CVE-2026-34537

iccDEV is affected prior to version 2.3.1.6. A crafted ICC profile can trigger Undefined Behavior in CIccOpDefEnvVar::Exec() due to invalid enum values loaded for icSigCmmEnvVar, observable under UBSan as load of value not a valid value for type icSigCmmEnvVar. The issue has been patched in versi...

CVE-2026-34535 iccDEV: SEGV in CIccTagArray::Cleanup()

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile can trigger a segmentation fault SEGV in CIccTagArray::Cleanup. The issue is observable under UBSan/ASan as misaligned member access / misaligned pointer...

CVE-2026-34534 iccDEV: HBO in CIccMpeSpectralMatrix::Describe()

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile can trigger a heap-buffer-overflow HBO in CIccMpeSpectralMatrix::Describe. The issue is observable under AddressSanitizer as an out-of-bounds heap read when...

iccDEV 安全漏洞

iccDEV is an open-source color configuration code library developed by the International Color Consortium. Versions of iccDEV prior to 2.3.1.6 contained security vulnerabilities; these vulnerabilities were caused by specially crafted ICC configuration files that could trigger undefined behaviors...

iccDEV 代码问题漏洞

iccDEV is an open-source color configuration code library developed by the International Color Consortium. Versions of iccDEV prior to 2.3.1.6 contained code-related vulnerabilities. These vulnerabilities stemmed from specially crafted ICC configuration files that could trigger calls to null...

EUVD-2025-21120

Malicious code in bioql PyPI...

DEBIAN-CVE-2025-5992

When passing values outside of the expected range to QColorTransferGenericFunction it can cause a denial of service, for example, this can happen when passing a specifically crafted ICC profile to QColorSpace::fromICCProfile.This issue affects Qt from 6.6.0 through 6.8.3, from 6.9.0 through 6.9.1...

K13500115: Little CMS (aka lcms2) vulnerability CVE-2016-10165

Security Advisory Description The TypeMLURead function in cmstypes.c in Little CMS aka lcms2 allows remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which triggers an out-of-bounds heap read. CVE-2016-10165 Impact There is no...

CVE-2016-10165

The TypeMLURead function in cmstypes.c in Little CMS aka lcms2 allows remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which triggers an out-of-bounds heap read...

EulerOS 2.0 SP3 : lcms2 (EulerOS-SA-2019-2601)

According to the version of the lcms2 package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - The TypeMLURead function in cmstypes.c in Little CMS aka lcms2 allows remote attackers to obtain sensitive information or cause a denial of service v...