CVE-2026-34548

Published: Apr 01, 2026 Last Modified: Apr 01, 2026

ExploitDB:

Other exploit source:

Google Dorks:

MEDIUM 6,2

Source: [email protected]

Attack Vector: local

Attack Complexity: low

Privileges Required: none

User Interaction: none

Scope: unchanged

Confidentiality: none

Integrity: none

Availability: high

Description

AI Translation Available

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, there is an Undefined Behavior (UB) condition in the XML conversion tooling path (iccToXml) caused by an implicit conversion from a negative signed integer to icUInt32Number (unsigned 32-bit), which changes the value. This issue has been patched in version 2.3.1.6.

681

Incorrect Conversion between Numeric Types

Draft

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Other Integrity

Potential Impacts:

Unexpected State Quality Degradation

Applicable Platforms

Languages: C, Not Language-Specific

Likelihood of Exploit: High

View CWE Details

https://github.com/InternationalColorConsortium/iccDEV/issu…

https://github.com/InternationalColorConsortium/iccDEV/issues/722

https://github.com/InternationalColorConsortium/iccDEV/pull…

https://github.com/InternationalColorConsortium/iccDEV/pull/725

https://github.com/InternationalColorConsortium/iccDEV/secu…

https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA…

CVE-2026-34548

Description

Incorrect Conversion between Numeric Types

Common Consequences

Applicable Platforms

Iscriviti alla newsletter