CVE-2026-34537

Name of the Vulnerable Software and Affected Versions iccDEV versions prior to 2.3.1.6

Description ccDEV, a set of libraries and tools for working with ICC color management profiles, is susceptible to a flaw where a crafted ICC profile can trigger Undefined Behavior (UB) in the CIccOpDefEnvVar::Exec() function. This occurs due to invalid enum values being loaded for icSigCmmEnvVar. The issue is observable under UBSan as a “load of value … not a valid value for type icSigCmmEnvVar”, indicating an invalid enum/type value being consumed during ICC profile processing.

Recommendations Versions prior to 2.3.1.6 should be updated to version 2.3.1.6 or later.