CVE-2026-34540

Name of the Vulnerable Software and Affected Versions iccDEV versions prior to 2.3.1.6

Description ccDEV is a set of libraries and tools for working with ICC color management profiles. A crafted ICC profile can trigger a heap-buffer-overflow in the icMemDump() function when iccDumpProfile attempts to dump or describe malformed tag contents. This issue is observable under AddressSanitizer as an out-of-bounds heap read in icMemDump() at IccProfLib/IccUtil.cpp:1002, reachable via CIccTagUnknown::Describe().

Recommendations Update to version 2.3.1.6 or later.