CVE-2026-34549

Name of the Vulnerable Software and Affected Versions iccDEV versions prior to 2.3.1.6

Description iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, there is an Undefined Behavior (UB) condition in IccUtil.cpp triggered by a crafted input profile. Under UndefinedBehaviorSanitizer, the issue is reported as invalid left shift operations on icUInt32Number (unsigned 32-bit) where the shifted value “cannot be represented” in that type.

Recommendations Update to version 2.3.1.6 or later.