CVE-2026-34541 in iccDEVinfo

Summary

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile can trigger Undefined Behavior (UB) via a null-pointer member call in CIccCombinedConnectionConditions::CIccCombinedConnectionConditions() (reported by UBSan as “member call on null pointer of type CIccTagSpectralViewingConditions”). The issue is reachable when running iccApplyNamedCmm with -PCC using a malformed .icc profile. This issue has been patched in version 2.3.1.6.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Responsible

GitHub_M

Reservation

03/30/2026

Disclosure

04/01/2026

Status

Confirmed

Entries

VulDB provides additional information and datapoints for this CVE:

ID	Vulnerability	CWE	Exp	Cou	CVE
354577	InternationalColorConsortium iccDEV ICC Color Profile CIccCombinedConnectionConditions null pointer dereference	476	Not defined	Official fix	CVE-2026-34541

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

Sources

◂ PreviousOverviewNext ▸

Do you need the next level of professionalism?

Upgrade your account now!