CVE-2026-34533

Published: Apr 01, 2026 Last Modified: Apr 01, 2026

ExploitDB:

Other exploit source:

Google Dorks:

MEDIUM 6,2

Source: [email protected]

Attack Vector: local

Attack Complexity: low

Privileges Required: none

User Interaction: none

Scope: unchanged

Confidentiality: none

Integrity: none

Availability: high

Description

AI Translation Available

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile can trigger Undefined Behavior (UB) in CIccCalculatorFunc::ApplySequence() due to invalid enum values being loaded for icChannelFuncSignature. The issue is observable under UBSan as a “load of value … not a valid value for type icChannelFuncSignature”, indicating a type/enum value confusion scenario during ICC profile processing. This issue has been patched in version 2.3.1.6.

758

Reliance on Undefined, Unspecified, or Implementation-Defined Behavior

Incomplete

Abstraction: Class Structure: Simple

Common Consequences

Security Scopes Affected:

Other

Potential Impacts:

Reduce Maintainability Unexpected State Quality Degradation

Applicable Platforms

All platforms may be affected

View CWE Details

https://github.com/InternationalColorConsortium/iccDEV/issu…

https://github.com/InternationalColorConsortium/iccDEV/issues/664

https://github.com/InternationalColorConsortium/iccDEV/pull…

https://github.com/InternationalColorConsortium/iccDEV/pull/681

https://github.com/InternationalColorConsortium/iccDEV/secu…

https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA…

CVE-2026-34533

Description

Reliance on Undefined, Unspecified, or Implementation-Defined Behavior

Common Consequences

Applicable Platforms

Iscriviti alla newsletter