CVE-2026-34554
Received Received - Intake
Heap Buffer Overflow in iccApplySearch Tool via Malformed JSON

Publication date: 2026-03-31

Last updated on: 2026-04-20

Assigner: GitHub, Inc.

Description
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a heap-buffer-overflow (HBO) in CIccApplyCmmSearch::costFunc() can be triggered via malformed JSON configuration input to the iccApplySearch tool. AddressSanitizer reports an out-of-bounds READ of size 8 originating from CIccApplyCmmSearch::costFunc(CIccSearchVec&) at IccProfLib/IccCmmSearch.cpp:112:5. This issue has been patched in version 2.3.1.6.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-31
Last Modified
2026-04-20
Generated
2026-06-16
AI Q&A
2026-04-01
EPSS Evaluated
2026-06-15
NVD
CVE-2026-34554
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
color iccdev to 2.3.1.6 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-125 The product reads data past the end, or before the beginning, of the intended buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a heap-buffer-overflow (HBO) in the iccDEV library, specifically in the function CIccApplyCmmSearch::costFunc(). It can be triggered by providing malformed JSON configuration input to the iccApplySearch tool. The issue causes an out-of-bounds read of size 8, which means the program reads memory outside the allocated buffer, potentially leading to crashes or other unexpected behavior.

Impact Analysis

The impact of this vulnerability is primarily availability-related. Since it involves a heap-buffer-overflow triggered by malformed input, it can cause the affected application to crash or behave unpredictably. According to the CVSS score, it has a high impact on availability but does not affect confidentiality or integrity.

Mitigation Strategies

The vulnerability has been patched in iccDEV version 2.3.1.6. To mitigate this vulnerability, you should update your iccDEV iccproflib to version 2.3.1.6 or later.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-34554. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart