CVE-2026-34546

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2026-34546
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-34546.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-34546
Aliases
  • GHSA-fxgq-wf5v-25pq
Published
2026-03-31T22:06:56.724Z
Modified
2026-04-10T05:43:03.033282Z
Severity
  • 6.2 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
iccDEV: UB at TiffImg.h
Details

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted TIFF input can trigger Undefined Behavior (UB) due to division by zero in the TIFF handling code paths used by iccTiffDump. This issue has been patched in version 2.3.1.6.

Database specific 
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/34xxx/CVE-2026-34546.json",
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-369"
    ]
}
References

Affected packages

Git / github.com/internationalcolorconsortium/iccdev

Affected ranges

Type
GIT
Repo
https://github.com/internationalcolorconsortium/iccdev
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
e280b0ad4b5574594c6a987bfa3ceb4f196f4b34
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "2.3.1.6"
        }
    ]
}

Affected versions

v2.*
v2.2.6
v2.3.1
v2.3.1.1
v2.3.1.2
v2.3.1.3
v2.3.1.4
v2.3.1.5
wasm-v2.*
wasm-v2.3.5

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-34546.json"