6.2

CVE-2026-34546

Exploit

EPSS 0.02%
Veröffentlicht 31.03.2026 22:06:56
Zuletzt bearbeitet 20.04.2026 14:32:34
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

iccDEV: UB at TiffImg.h

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted TIFF input can trigger Undefined Behavior (UB) due to division by zero in the TIFF handling code paths used by iccTiffDump. This issue has been patched in version 2.3.1.6.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Color ≫ Iccdev Version < 2.3.1.6

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.04

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
security-advisories@github.com	6.2	2.5	3.6	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-369 Divide By Zero

The product divides a value by zero.

https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-fxgq-wf5v-25pq

Patch

Vendor Advisory

https://github.com/InternationalColorConsortium/iccDEV/issues/719

Exploit

Issue Tracking

https://github.com/InternationalColorConsortium/iccDEV/pull/723

Patch

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2026-34546

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-34546

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-34546

EUVD