6.2

CVE-2026-34552

Exploit

EPSS 0.02%
Veröffentlicht 31.03.2026 22:15:30
Zuletzt bearbeitet 20.04.2026 14:34:19
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

iccDEV: UB at IccTagLut.cpp

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, there is an Undefined Behavior (UB) issue in IccTagLut.cpp where the code performs member access through a null pointer of type CIccApplyCLUT. This issue has been patched in version 2.3.1.6.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Color ≫ Iccdev Version < 2.3.1.6

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.04

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
security-advisories@github.com	6.2	2.5	3.6	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-wgh5-wvv2-r8pq

Patch

Vendor Advisory

https://github.com/InternationalColorConsortium/iccDEV/issues/701

Exploit

Issue Tracking

https://github.com/InternationalColorConsortium/iccDEV/pull/730

Patch

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2026-34552

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-34552

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-34552

EUVD