CVE-2026-34540
The CVE concerns iccDEV ICC color management libraries. Prior to version 2.3.1.6, a crafted ICC profile can trigger a heap-buffer-overflow in icMemDump() when iccDumpProfile tries to dump/malformed tag contents. The out-of-bounds read is observed under AddressSanitizer in icMemDump(...) at IccPro...