CVE-2026-34554

Name of the Vulnerable Software and Affected Versions iccDEV versions prior to 2.3.1.6

Description iccDEV provides a set of libraries and tools for working with ICC color management profiles. A heap-buffer-overflow (HBO) in the CIccApplyCmmSearch::costFunc() function can be triggered via malformed JSON configuration input to the iccApplySearch tool. AddressSanitizer reports an out-of-bounds READ of size 8 originating from CIccApplyCmmSearch::costFunc(CIccSearchVec&) at IccProfLib/IccCmmSearch.cpp:112:5.

Recommendations Versions prior to 2.3.1.6 should be updated to version 2.3.1.6 or later.