PT-2026-29384 · Iccdev · Iccdev

Xsscx · Published 2026-03-31 · Updated 2026-04-01 · CVE-2026-34535

CVSS v3.1: 6.2 Medium

Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

iccDEV versions prior to 2.3.1.6

Description

iccDEV is a set of libraries and tools for working with ICC color management profiles. A crafted ICC profile can trigger a segmentation fault (SEGV) in the CIccTagArray::Cleanup() function, leading to a process crash when running iccRoundTrip on a malicious profile. The issue is observable under UBSan/ASan as misaligned member access and misaligned pointer loads followed by an invalid read.

Recommendations

Update to version 2.3.1.6 or later.

Exploit

Fix

Heap Based Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2026-34535
GHSA-965Q-9PP6-6VW5

Affected Products

Iccdev