{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-34542", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-30T16:31:39.263Z", "datePublished": "2026-03-31T22:05:17.233Z", "dateUpdated": "2026-04-03T16:41:12.677Z"}, "containers": {"cna": {"title": "iccDEV: SBO in CIccCalculatorFunc::Apply()", "problemTypes": [{"descriptions": [{"cweId": "CWE-121", "lang": "en", "description": "CWE-121: Stack-based Buffer Overflow", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-6749-6859-wf96", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-6749-6859-wf96"}, {"name": "https://github.com/InternationalColorConsortium/iccDEV/issues/678", "tags": ["x_refsource_MISC"], "url": "https://github.com/InternationalColorConsortium/iccDEV/issues/678"}, {"name": "https://github.com/InternationalColorConsortium/iccDEV/pull/694", "tags": ["x_refsource_MISC"], "url": "https://github.com/InternationalColorConsortium/iccDEV/pull/694"}], "affected": [{"vendor": "InternationalColorConsortium", "product": "iccDEV", "versions": [{"version": "< 2.3.1.6", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-31T22:05:17.233Z"}, "descriptions": [{"lang": "en", "value": "iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile can trigger a stack-buffer-overflow (SBO) in CIccCalculatorFunc::Apply() when processed via iccApplyNamedCmm. Under AddressSanitizer, the failure is reported as a 4-byte write stack-buffer-overflow in IccProfLib/IccMpeCalc.cpp:3873, reachable through the MPE calculator / curve set initialization path. This issue has been patched in version 2.3.1.6."}], "source": {"advisory": "GHSA-6749-6859-wf96", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-03T16:41:02.870087Z", "id": "CVE-2026-34542", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-03T16:41:12.677Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-34542", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-03T16:41:02.870087Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-03T16:41:08.857Z"}}], "cna": {"title": "iccDEV: SBO in CIccCalculatorFunc::Apply()", "source": {"advisory": "GHSA-6749-6859-wf96", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.2, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "InternationalColorConsortium", "product": "iccDEV", "versions": [{"status": "affected", "version": "< 2.3.1.6"}]}], "references": [{"url": "https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-6749-6859-wf96", "name": "https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-6749-6859-wf96", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/InternationalColorConsortium/iccDEV/issues/678", "name": "https://github.com/InternationalColorConsortium/iccDEV/issues/678", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/InternationalColorConsortium/iccDEV/pull/694", "name": "https://github.com/InternationalColorConsortium/iccDEV/pull/694", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile can trigger a stack-buffer-overflow (SBO) in CIccCalculatorFunc::Apply() when processed via iccApplyNamedCmm. Under AddressSanitizer, the failure is reported as a 4-byte write stack-buffer-overflow in IccProfLib/IccMpeCalc.cpp:3873, reachable through the MPE calculator / curve set initialization path. This issue has been patched in version 2.3.1.6."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-121", "description": "CWE-121: Stack-based Buffer Overflow"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-31T22:05:17.233Z"}}}, "cveMetadata": {"cveId": "CVE-2026-34542", "state": "PUBLISHED", "dateUpdated": "2026-04-03T16:41:12.677Z", "dateReserved": "2026-03-30T16:31:39.263Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-03-31T22:05:17.233Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:color:iccdev:*:*:*:*:*:*:*:*", "matchCriteriaId": "DE133F29-9592-4669-8B76-9F7C88EFE17D", "versionEndExcluding": "2.3.1.6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile can trigger a stack-buffer-overflow (SBO) in CIccCalculatorFunc::Apply() when processed via iccApplyNamedCmm. Under AddressSanitizer, the failure is reported as a 4-byte write stack-buffer-overflow in IccProfLib/IccMpeCalc.cpp:3873, reachable through the MPE calculator / curve set initialization path. This issue has been patched in version 2.3.1.6."}, {"lang": "es", "value": "iccDEV proporciona un conjunto de bibliotecas y herramientas para trabajar con perfiles de gesti\u00f3n de color ICC. Antes de la versi\u00f3n 2.3.1.6, un perfil ICC manipulado puede desencadenar un desbordamiento de b\u00fafer de pila (SBO) en CIccCalculatorFunc::Apply() cuando se procesa a trav\u00e9s de iccApplyNamedCmm. Bajo AddressSanitizer, el fallo se informa como un desbordamiento de b\u00fafer de pila de escritura de 4 bytes en IccProfLib/IccMpeCalc.cpp:3873, accesible a trav\u00e9s de la ruta de inicializaci\u00f3n del calculador MPE / conjunto de curvas. Este problema ha sido parcheado en la versi\u00f3n 2.3.1.6."}], "id": "CVE-2026-34542", "lastModified": "2026-04-20T14:31:14.450", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-03-31T22:16:21.920", "references": [{"source": "security-advisories@github.com", "tags": ["Issue Tracking", "Exploit"], "url": "https://github.com/InternationalColorConsortium/iccDEV/issues/678"}, {"source": "security-advisories@github.com", "tags": ["Issue Tracking", "Patch"], "url": "https://github.com/InternationalColorConsortium/iccDEV/pull/694"}, {"source": "security-advisories@github.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-6749-6859-wf96"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-121"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,2.3.1.6)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "iccDEV", "source": "cna", "vendor": "InternationalColorConsortium"}, "product": "iccdev", "vendor": "internationalcolorconsortium"}], "analysis": {"en": {"generated_at": "2026-04-01T05:59:33.665210+00:00", "value": {"mitigation_remediation": ["Upgrade iccDEV to version 2.3.1.6 or later.", "If upgrading is not immediately possible, prevent the processing of untrusted ICC profiles or isolate such processing in a sandboxed environment.", "Monitor system logs for anomalous crashes or unusual profile activity and apply additional security controls to protect the application using iccDEV."], "summary": {"action": "Immediate Patch", "impact": "Stack Buffer Overflow that may enable code execution"}, "threat_synthesis": {"affected_systems": "The InternationalColorConsortium ilcDEV library and tools are affected. All releases preceding v2.3.1.6 are vulnerable; the issue was fixed in v2.3.1.6. Users running earlier versions on any platform that processes ICC profiles are potentially at risk.", "description_and_impact": "A crafted ICC color profile can trigger a stack\u2011buffer\u2011overflow in the CIccCalculatorFunc::Apply() routine of iccDEV. The overflow occurs when the profile is processed via iccApplyNamedCmm, allowing a 4\u2011byte write that can corrupt control data on the stack. If an attacker succeeds, they could execute arbitrary code or cause a denial\u2011of\u2011service by corrupting the execution flow of the process that loads the profile.", "risk_and_exploitability": "The CVSS score of 6.2 indicates moderate severity. No EPSS score is listed, and the vulnerability is not in the CISA KEV catalog, suggesting limited or no publicly available exploits currently. The likely attack vector involves a malicious or malformed ICC profile being processed by an application that depends on iccDEV. If the profile is loaded in a privileged context, the compromised stack could lead to elevation of privileges or remote code execution."}}}}, "created": "2026-04-02T07:51:52.423298+00:00", "updated": "2026-04-02T20:10:12.333981+00:00", "vendors": ["internationalcolorconsortium", "internationalcolorconsortium$PRODUCT$iccdev"]}