Compliance Impact

CVE-2026-34555 is a stack-based buffer overflow vulnerability in the iccDEV library that can lead to denial-of-service (DoS) conditions or potentially arbitrary code execution when processing crafted ICC profiles.

The vulnerability impacts availability by causing crashes or memory corruption but does not affect confidentiality or integrity of data, as indicated by the CVSS metrics (Confidentiality: None, Integrity: None, Availability: High).

Because the vulnerability does not involve unauthorized access to or disclosure of personal or sensitive data, it does not directly implicate compliance with data protection regulations such as GDPR or HIPAA.

However, organizations relying on iccDEV for color profile processing should consider the availability impact, as denial-of-service could disrupt services or workflows, which might indirectly affect operational compliance requirements.

Useful 0 Not Useful 0

Executive Summary

This vulnerability is a stack-buffer-overflow (SBO) found in the iccDEV libraries and tools used for ICC color management profiles. Specifically, it occurs in the function CIccTagFixedNum::GetValues() and involves a write operation that overflows a 4-byte stack variable. The overflow happens through a call chain involving CIccTagFixedNum::GetValues() and CIccTagStruct::GetElemNumberValue(). This flaw can cause a program crash or other unintended behavior. The issue was fixed in version 2.3.1.6 of iccDEV.

Useful 0 Not Useful 0

Impact Analysis

The vulnerability can lead to a crash of the affected software due to a stack-buffer-overflow. According to the CVSS score, it has a high impact on availability (A:H), meaning it can cause denial of service by crashing the application. However, it does not impact confidentiality or integrity. The attack requires local access with low privileges and no user interaction.

Useful 0 Not Useful 0

Mitigation Strategies

The vulnerability has been patched in iccDEV version 2.3.1.6. To mitigate this vulnerability, you should upgrade your iccDEV libraries and tools to version 2.3.1.6 or later.

Useful 0 Not Useful 0

Detection Guidance

This vulnerability can be detected by running fuzz testing tools such as libFuzzer or AFL++ with AddressSanitizer (ASan) and UndefinedBehaviorSanitizer (UBSan) enabled to identify stack-buffer-overflow and undefined behavior issues when processing ICC profile files.

Specifically, the vulnerability was reproduced using crafted ICC profile files (e.g., sbo-GetValues-FixedNum-crafted-cenc.icc) with iccDEV tools like iccApplyToLink, iccApplyNamedCmm, and iccApplySearch.

To detect the vulnerability on your system, you can build the iccDEV project with sanitizers enabled and run the following example commands:

• Build iccDEV with Clang and sanitizers enabled: clang++ -fsanitize=address,undefined -fno-omit-frame-pointer -g -O1 -fprofile-arcs -ftest-coverage
• Run iccApplyToLink with the crafted ICC profile to trigger the stack-buffer-overflow: ./iccApplyToLink sbo-GetValues-FixedNum-crafted-cenc.icc
• Run iccApplyNamedCmm with the crafted ICC profile and JSON configuration to detect undefined behavior: ./iccApplyNamedCmm -c config.json
• Run iccApplySearch with a crafted ICC profile to detect type confusion and invalid pointer usage: ./iccApplySearch sbo-CIccTagStruct-GetElemNumberValue-IccTagComposite_cpp-Line737.icc

These commands, when run with sanitizers enabled, will produce runtime errors or sanitizer reports indicating the presence of the vulnerability.

Useful 0 Not Useful 0