CVE-2026-34537

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile can trigger Undefined Behavior UB in CIccOpDefEnvVar::Exec due to invalid enum values being loaded for icSigCmmEnvVar. The issue is observable under UBSan a...

CVE-2026-34535

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile can trigger a segmentation fault SEGV in CIccTagArray::Cleanup. The issue is observable under UBSan/ASan as misaligned member access / misaligned pointer...

CVE-2026-34534 iccDEV: HBO in CIccMpeSpectralMatrix::Describe()

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile can trigger a heap-buffer-overflow HBO in CIccMpeSpectralMatrix::Describe. The issue is observable under AddressSanitizer as an out-of-bounds heap read when...

CVE-2026-30979

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a heap-based buffer overflow in CIccCalculatorFunc::InitSelectOp triggered with local user interaction causing memory corruption/crash. This vulnerability is fixed in 2.3.1.5...

CVE-2026-31797

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a heap out-of-bounds read in CTiffImg::ReadLine when iccApplyProfiles processes a crafted TIFF image, causing memory disclosure or crash. This vulnerability is fixed in 2.3.1.5...

CVE-2026-31796

ICCDev contains a heap-based buffer overflow in icCurvesFromXml() that can cause heap corruption or a crash. Affected versions are prior to 2.3.1.5, with the fix implemented in 2.3.1.5. Remediation: upgrade to 2.3.1.5 or later. Exploitation status is not provided in the available documents.

iccDEV 缓冲区错误漏洞

iccDEV is an open-source color configuration code library developed by the International Color Consortium. Versions of iccDEV prior to 2.3.1.5 contained a buffer error vulnerability. This vulnerability stemmed from the heap buffer overflow during the execution of the CIccMatrixMath::SetRange...

iccDEV 缓冲区错误漏洞

iccDEV is an open-source color configuration code library developed by the International Color Consortium. Versions of iccDEV prior to 2.3.1.3 contained a buffer error vulnerability. This vulnerability stemmed from a heap buffer overflow in the CIccFileIO::Read8 function, which could lead to memo...

CVE-2026-21495

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to division by zero in the TIFF Image Reader. This issue has been patched in version 2.3.1.2...

CVE-2026-22255

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium ICC color management profiles. Versions prior to 2.3.1.2 have a heap-buffer-overflow vulnerability in CIccCLUT::Init at IccProfLib/IccTagLut.cpp. This...

CVE-2026-22255

CVE-2026-22255 affects iccDEV. Versions prior to 2.3.1.2 contain a heap-buffer-overflow in CIccCLUT::Init() within IccProfLib/IccTagLut.cpp, impacting users processing ICC color profiles. Version 2.3.1.2 includes a patch. No workarounds are documented. Exploitation details are not provided in the...

EUVD-2026-1387

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium ICC color management profiles. Versions prior to 2.3.1.2 have a Type Confusion vulnerability in CIccTag:IsTypeCompressed. This vulnerability affects users o...

EUVD-2026-1391

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium ICC color management profiles. Versions prior to 2.3.1.2 have Undefined Behavior in CIccTagLut16::Read. This vulnerability affects users of the iccDEV libra...

CVE-2026-21684 iccDEV has Undefined Behavior in CIccTagSpectralViewingConditions()

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium ICC color management profiles. Versions prior to 2.3.1.2 have Undefined Behavior in CIccTagSpectralViewingConditions. This vulnerability affects users of th...

CVE-2026-21680 iccDEV has Null Pointer Dereference in CIccProfile::CheckTagTypes()

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium ICC color management profiles. Versions prior to 2.3.1.2 have a NULL pointer dereference vulnerability. This vulnerability affects users of the iccDEV libra...

PT-2026-2072

Name of the Vulnerable Software and Affected Versions iccDEV versions prior to 2.3.1.2 Description iccDEV is a set of libraries and tools used for interacting with, manipulating, and applying ICC color management profiles. A null pointer dereference issue exists in the CIccProfileXml::ParseBasic...

PT-2026-2090

Name of the Vulnerable Software and Affected Versions iccDEV versions prior to 2.3.1.2 Description iccDEV is a set of libraries and tools for interacting with International Color Consortium ICC color management profiles. A Type Confusion issue exists in the CIccSegmentedCurveXml::ToXml function...

PT-2026-2063

Name of the Vulnerable Software and Affected Versions iccDEV versions prior to 2.3.1.2 Description iccDEV is a set of libraries and tools used for interacting with, manipulating, and applying ICC color management profiles. Versions prior to 2.3.1.2 are susceptible to a NULL pointer dereference...

EUVD-2026-1156

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1.1 and below are vulnerable to Type Confusion in its CIccSingleSampledeCurveXml class during XML Curve Serialization. This issue is fixed in version 2.3.1.2...

CVE-2026-21486

iccDEV is affected in versions 2.3.1.1 and earlier, where the CIccSparseMatrix::CIccSparseMatrix function contains Use After Free, Heap-based Buffer Overflow, Integer Overflow/Wraparound, and Out-of-bounds Write vulnerabilities. The issue is fixed in version 2.3.1.2. Affected products: iccDEV lib...