CVE-2026-34539

Name of the Vulnerable Software and Affected Versions iccDEV versions prior to 2.3.1.6

Description iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile and TIFF input can trigger a heap-buffer-overflow in CTiffImg::WriteLine(). The issue is observable as an out-of-bounds heap read when running iccSpecSepToTiff on a malicious .icc + .tif pair, leading to a crash during TIFF strip writing.

Recommendations Versions prior to 2.3.1.6 should be updated to version 2.3.1.6 or later.