CVE-2026-34548

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2026-34548
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-34548.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-34548
Aliases
  • GHSA-prwp-9gv6-ccxv
Published
2026-03-31T22:09:49.333Z
Modified
2026-04-10T05:43:02.690248Z
Severity
  • 6.2 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
iccDEV: UB at IccUtilXml.cpp
Details

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, there is an Undefined Behavior (UB) condition in the XML conversion tooling path (iccToXml) caused by an implicit conversion from a negative signed integer to icUInt32Number (unsigned 32-bit), which changes the value. This issue has been patched in version 2.3.1.6.

Database specific 
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/34xxx/CVE-2026-34548.json",
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-681"
    ]
}
References

Affected packages

Git / github.com/internationalcolorconsortium/iccdev

Affected ranges

Type
GIT
Repo
https://github.com/internationalcolorconsortium/iccdev
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
e280b0ad4b5574594c6a987bfa3ceb4f196f4b34
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "2.3.1.6"
        }
    ]
}

Affected versions

v2.*
v2.2.6
v2.3.1
v2.3.1.1
v2.3.1.2
v2.3.1.3
v2.3.1.4
v2.3.1.5
wasm-v2.*
wasm-v2.3.5

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-34548.json"