CVE-2026-34539 in iccDEV Information

Summary (English)

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile and TIFF input can trigger a heap-buffer-overflow (HBO) in CTiffImg::WriteLine(). The issue is observable under AddressSanitizer as an out-of-bounds heap read when running iccSpecSepToTiff on a malicious .icc + .tif pair, leading to a crash during TIFF strip writing. This issue has been patched in version 2.3.1.6.


Responsible

GitHub_M

Reserved

2026-03-30

Disclosed

2026-04-01

Status

Confirmed

Entries

VulDB provides additional information and datapoints for this CVE:

Sources
