CVE-2026-34541

Name of the Vulnerable Software and Affected Versions iccDEV versions prior to 2.3.1.6

Description ccDEV is a set of libraries and tools for working with ICC color management profiles. A crafted ICC profile can trigger Undefined Behavior (UB) via a null-pointer member call in CIccCombinedConnectionConditions::CIccCombinedConnectionConditions(). This issue is reachable when running iccApplyNamedCmm with the -PCC option using a malformed .icc profile.

Recommendations Versions prior to 2.3.1.6 should be updated to version 2.3.1.6 or later.