CVE-2026-34548

Exploit

EPSS 0.02%
Veröffentlicht 31.03.2026 22:09:49
Zuletzt bearbeitet 20.04.2026 14:32:53
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

iccDEV: UB at IccUtilXml.cpp

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, there is an Undefined Behavior (UB) condition in the XML conversion tooling path (iccToXml) caused by an implicit conversion from a negative signed integer to icUInt32Number (unsigned 32-bit), which changes the value. This issue has been patched in version 2.3.1.6.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Color ≫ Iccdev Version < 2.3.1.6

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.04

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
security-advisories@github.com	6.2	2.5	3.6	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-681 Incorrect Conversion between Numeric Types

When converting from one data type to another, such as long to integer, data can be omitted or translated in a way that produces unexpected values. If the resulting values are used in a sensitive context, then dangerous behaviors may occur.

https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-prwp-9gv6-ccxv

Patch

Vendor Advisory

https://github.com/InternationalColorConsortium/iccDEV/issues/722

Exploit

Issue Tracking

https://github.com/InternationalColorConsortium/iccDEV/pull/725

Patch

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2026-34548

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-34548

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-34548

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-34548