{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-34540", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-30T16:31:39.263Z", "datePublished": "2026-03-31T22:03:24.212Z", "dateUpdated": "2026-04-01T13:31:29.126Z"}, "containers": {"cna": {"title": "iccDEV: HBO in icMemDump()", "problemTypes": [{"descriptions": [{"cweId": "CWE-122", "lang": "en", "description": "CWE-122: Heap-based Buffer Overflow", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-gjx3-6cp6-q2x5", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-gjx3-6cp6-q2x5"}, {"name": "https://github.com/InternationalColorConsortium/iccDEV/issues/674", "tags": ["x_refsource_MISC"], "url": "https://github.com/InternationalColorConsortium/iccDEV/issues/674"}, {"name": "https://github.com/InternationalColorConsortium/iccDEV/pull/689", "tags": ["x_refsource_MISC"], "url": "https://github.com/InternationalColorConsortium/iccDEV/pull/689"}], "affected": [{"vendor": "InternationalColorConsortium", "product": "iccDEV", "versions": [{"version": "< 2.3.1.6", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-31T22:03:24.212Z"}, "descriptions": [{"lang": "en", "value": "iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile can trigger a heap-buffer-overflow (HBO) in icMemDump() when iccDumpProfile attempts to dump/describe malformed tag contents. The issue is observable under AddressSanitizer as an out-of-bounds heap read in icMemDump(...) at IccProfLib/IccUtil.cpp:1002, reachable via CIccTagUnknown::Describe(). This issue has been patched in version 2.3.1.6."}], "source": {"advisory": "GHSA-gjx3-6cp6-q2x5", "discovery": "UNKNOWN"}}, "adp": [{"references": [{"url": "https://github.com/InternationalColorConsortium/iccDEV/issues/674", "tags": ["exploit"]}, {"url": "https://github.com/InternationalColorConsortium/iccDEV/pull/689", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-01T13:31:24.835266Z", "id": "CVE-2026-34540", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-01T13:31:29.126Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-34540", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-01T13:31:24.835266Z"}}}], "references": [{"url": "https://github.com/InternationalColorConsortium/iccDEV/issues/674", "tags": ["exploit"]}, {"url": "https://github.com/InternationalColorConsortium/iccDEV/pull/689", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-01T13:31:20.364Z"}}], "cna": {"title": "iccDEV: HBO in icMemDump()", "source": {"advisory": "GHSA-gjx3-6cp6-q2x5", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.2, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "InternationalColorConsortium", "product": "iccDEV", "versions": [{"status": "affected", "version": "< 2.3.1.6"}]}], "references": [{"url": "https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-gjx3-6cp6-q2x5", "name": "https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-gjx3-6cp6-q2x5", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/InternationalColorConsortium/iccDEV/issues/674", "name": "https://github.com/InternationalColorConsortium/iccDEV/issues/674", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/InternationalColorConsortium/iccDEV/pull/689", "name": "https://github.com/InternationalColorConsortium/iccDEV/pull/689", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile can trigger a heap-buffer-overflow (HBO) in icMemDump() when iccDumpProfile attempts to dump/describe malformed tag contents. The issue is observable under AddressSanitizer as an out-of-bounds heap read in icMemDump(...) at IccProfLib/IccUtil.cpp:1002, reachable via CIccTagUnknown::Describe(). This issue has been patched in version 2.3.1.6."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-122", "description": "CWE-122: Heap-based Buffer Overflow"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-31T22:03:24.212Z"}}}, "cveMetadata": {"cveId": "CVE-2026-34540", "state": "PUBLISHED", "dateUpdated": "2026-04-01T13:31:29.126Z", "dateReserved": "2026-03-30T16:31:39.263Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-03-31T22:03:24.212Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:color:iccdev:*:*:*:*:*:*:*:*", "matchCriteriaId": "DE133F29-9592-4669-8B76-9F7C88EFE17D", "versionEndExcluding": "2.3.1.6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile can trigger a heap-buffer-overflow (HBO) in icMemDump() when iccDumpProfile attempts to dump/describe malformed tag contents. The issue is observable under AddressSanitizer as an out-of-bounds heap read in icMemDump(...) at IccProfLib/IccUtil.cpp:1002, reachable via CIccTagUnknown::Describe(). This issue has been patched in version 2.3.1.6."}, {"lang": "es", "value": "iccDEV proporciona un conjunto de bibliotecas y herramientas para trabajar con perfiles de gesti\u00f3n de color ICC. Antes de la versi\u00f3n 2.3.1.6, un perfil ICC manipulado puede desencadenar un desbordamiento de b\u00fafer de pila (HBO) en icMemDump() cuando iccDumpProfile intenta volcar/describir contenidos de etiquetas malformados. El problema es observable bajo AddressSanitizer como una lectura de pila fuera de l\u00edmites en icMemDump(...) en IccProfLib/IccUtil.cpp:1002, alcanzable a trav\u00e9s de CIccTagUnknown::Describe(). Este problema ha sido parcheado en la versi\u00f3n 2.3.1.6."}], "id": "CVE-2026-34540", "lastModified": "2026-04-20T13:53:34.300", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-03-31T22:16:21.600", "references": [{"source": "security-advisories@github.com", "tags": ["Issue Tracking", "Exploit"], "url": "https://github.com/InternationalColorConsortium/iccDEV/issues/674"}, {"source": "security-advisories@github.com", "tags": ["Issue Tracking", "Patch"], "url": "https://github.com/InternationalColorConsortium/iccDEV/pull/689"}, {"source": "security-advisories@github.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-gjx3-6cp6-q2x5"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Issue Tracking", "Exploit"], "url": "https://github.com/InternationalColorConsortium/iccDEV/issues/674"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Issue Tracking", "Patch"], "url": "https://github.com/InternationalColorConsortium/iccDEV/pull/689"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-122"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,2.3.1.6)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "iccDEV", "source": "cna", "vendor": "InternationalColorConsortium"}, "product": "iccdev", "vendor": "internationalcolorconsortium"}], "analysis": {"en": {"generated_at": "2026-04-01T06:35:25.903944+00:00", "value": {"mitigation_remediation": ["Upgrade iccDEV to version 2.3.1.6 or later.", "If an upgrade is not feasible, restrict the use of iccDEV to trusted ICC profiles only and sandbox or deny untrusted profile loading.", "Monitor system logs for unexpected crashes or access\u2011violation events during ICC profile handling."], "summary": {"action": "Immediate Patch", "impact": "Heap Buffer Overflow leading to potential data disclosure or crash"}, "threat_synthesis": {"affected_systems": "All releases of International Color Consortium\u2019s iccDEV library older than version 2.3.1.6 are vulnerable. Applications that load or dump ICC profiles via iccDEV without validating the profile are impacted unless running the patched release.", "description_and_impact": "A malformed ICC profile can trigger a heap\u2011buffer\u2011overflow in the icMemDump function of iccDEV. The overflow occurs when the library reads malformed tag contents during a profile dump, resulting in an out\u2011of\u2011bounds heap read. This weakness is classified as CWE\u2011122 and can cause unhandled crashes or unintended disclosure of memory contents.", "risk_and_exploitability": "The CVSS score of 6.2 indicates a medium severity vulnerability. No EPSS score is available, and the flaw is not in the CISA KEV catalog. The likely attack vector is local, where an attacker supplies a crafted ICC profile to an application that uses iccDEV; it may also be exploitable from remote if the profile is transmitted to a remote service that processes it. Exploitation would produce a crash or potential data exposure, but it requires the affected application to process the malicious profile."}}}}, "created": "2026-04-02T07:51:54.368232+00:00", "updated": "2026-04-02T20:10:14.193167+00:00", "vendors": ["internationalcolorconsortium", "internationalcolorconsortium$PRODUCT$iccdev"]}