CVE-2026-34547: iccDEV: UB at IccUtil.cpp
Published Mar 31, 2026
·Updated
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, an Undefined Behavior (UB) condition in IccUtil.cpp can be triggered by a crafted ICC profile when running iccDumpProfile. This issue has been patched in version 2.3.1.6.
Affected Software
2 affected components
iccDEV iccDumpProfile<2.3.1.6
Color iccDEV<2.3.1.6
Remediation
Event History
Mar 31, 2026
CVE Published
via MITRE·10:08 PM
Data Sourced
via MITRE·10:08 PM
DescriptionSeverityWeakness
Data Sourced
via NVD·11:17 PM
RemedyDescriptionSeverityWeaknessAffected Software
Frequently Asked Questions
1
What is the severity of CVE-2026-34547?
CVE-2026-34547 is classified as a medium severity vulnerability due to potential undefined behavior triggered by crafted ICC profiles.
2
How do I fix CVE-2026-34547?
To fix CVE-2026-34547, update iccDEV to version 2.3.1.6 or later.
3
What component is affected by CVE-2026-34547?
CVE-2026-34547 affects the iccDumpProfile tool within the iccDEV library.
4
What kind of issue is CVE-2026-34547?
CVE-2026-34547 is an Undefined Behavior (UB) issue that can be triggered by using a malicious ICC profile.
5
In which version was CVE-2026-34547 patched?
CVE-2026-34547 was patched in version 2.3.1.6 of the iccDEV library.