CVE-2026-34552

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, there is an Undefined Behavior UB issue in IccTagLut.cpp where the code performs member access through a null pointer of type CIccApplyCLUT. This issue has been patched in versio...

CVE-2026-34556 iccDEV: HBO in icAnsiToUtf8()

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, there is a heap-buffer-overflow HBO in icAnsiToUtf8 in the XML conversion path. The issue is triggered by a crafted ICC profile which causes icAnsiToUtf8std::string&, char const ...

CVE-2026-34553 iccDEV: DoS in CIccCLUT::Iterate() & CIccMBB::Describe()

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, there is a defect in LUT dump/iteration logic affecting CIccCLUT::Iterate and output produced by CIccMBB::Describe via CLUT dumping. This issue has been patched in version 2.3.1....

CVE-2026-34541

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile can trigger Undefined Behavior UB via a null-pointer member call in CIccCombinedConnectionConditions::CIccCombinedConnectionConditions reported by UBSan as...

CVE-2026-34537

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile can trigger Undefined Behavior UB in CIccOpDefEnvVar::Exec due to invalid enum values being loaded for icSigCmmEnvVar. The issue is observable under UBSan a...

iccDEV 数字错误漏洞

iccDEV is an open-source color configuration code library developed by the International Color Consortium. Versions of iccDEV prior to 2.3.1.6 contained a numerical error vulnerability. This vulnerability occurred due to specially crafted TIFF inputs, which could lead to zero errors and trigger...

CVE-2026-30978

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a heap-use-after-free in CIccCmm::AddXform causing invalid vptr dereference and crash. This vulnerability is fixed in 2.3.1.5...

CVE-2026-30980 iccDEV has a stack overflow in CIccBasicStructFactory::CreateStruct()

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a stack overflow in CIccBasicStructFactory::CreateStruct causing uncontrolled recursion/stack exhaustion and crash. This vulnerability is fixed in 2.3.1.5...

CVE-2026-31794 iccDEV has a SEGV in CIccCLUT::Interp3d()

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a segmentation fault from invalid/wild pointer read in CIccCLUT::Interp3d causing a denial of service. This vulnerability is fixed in 2.3.1.5...

CVE-2026-31794 iccDEV has a SEGV in CIccCLUT::Interp3d()

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a segmentation fault from invalid/wild pointer read in CIccCLUT::Interp3d causing a denial of service. This vulnerability is fixed in 2.3.1.5...

CVE-2026-31792 iccDEV has a null pointer dereference in CIccTagXmlStruct::ParseTag()

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a null pointer dereference in CIccTagXmlStruct::ParseTag causing a segmentation fault or denial of service. This vulnerability is fixed in 2.3.1.5...

CVE-2026-30987 iccDEV has a stack buffer overflow in CIccTagNum<(icTagTypeSignature)>::GetValues()

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a stack buffer overflow in CIccTagNum::GetValues causing stack memory corruption or crash. This vulnerability is fixed in 2.3.1.5...

CVE-2026-30985

ICCDev is affected by a heap-based buffer overflow in CIccMatrixMath::SetRange() prior to version 2.3.1.5, causing memory corruption or crash. The issue is fixed in 2.3.1.5. CVSSv3.1 base score is 7.8 (HIGH) with local attack vector, no privileges required, requiring user interaction. The connect...

CVE-2026-30983

ICC Dev (iccDEV) contains a stack-based overflow in icFixXml(), caused by strcpy, affecting the icFixXml() path prior to version 2.3.1.5. The vulnerability can lead to stack memory corruption or a crash and is rated HIGH (CVSS 3.1: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) with LOCAL exploitability an...

CVE-2026-30983 iccDEV has a stack buffer overflow in icFixXml()

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a stack buffer overflow in icFixXml strcpy causing stack memory corruption or crash. This vulnerability is fixed in 2.3.1.5...

CVE-2026-30982

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a heap out-of-bounds read in CIccPcsXform::pushXYZConvert causing crash and potentially leaking memory contents. This vulnerability is fixed in 2.3.1.5...

CVE-2026-30981 iccDEV has a heap-buffer-overflow read in CIccXmlArrayType<>

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a heap-buffer-overflow read in CIccXmlArrayType::DumpArray causing out-of-bounds read and/or crash. This vulnerability is fixed in 2.3.1.5...

iccDEV 安全漏洞

iccDEV is an open-source color configuration code library developed by the International Color Consortium. Versions of iccDEV prior to 2.3.1.5 contained security vulnerabilities. These vulnerabilities stemmed from a stack overflow vulnerability in the CIccBasicStructFactory::CreateStruct function...

iccDEV 安全漏洞

iccDEV is an open-source color configuration code library developed by the International Color Consortium. Versions of iccDEV prior to 2.3.1.5 contained security vulnerabilities. These vulnerabilities stemmed from the use of the CIccCmm::AddXform function, where the heap was reused after...

CVE-2026-27692 iccDEV has HBO in CIccTagTextDescription::Release()

iccDEV provides a set of libraries and tools for working with ICC color management profiles. In versions up to and including 2.3.1.4, heap-buffer-overflow read occurs during CIccTagTextDescription::Release when strlen reads past a heap buffer while parsing ICC profile XML text description tags,...