{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T20:23:09.763","vulnerabilities":[{"cve":{"id":"CVE-2026-34539","sourceIdentifier":"security-advisories@github.com","published":"2026-03-31T22:16:21.447","lastModified":"2026-04-01T14:23:37.727","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile and TIFF input can trigger a heap-buffer-overflow (HBO) in CTiffImg::WriteLine(). The issue is observable under AddressSanitizer as an out-of-bounds heap read when running iccSpecSepToTiff on a malicious .icc + .tif pair, leading to a crash during TIFF strip writing. This issue has been patched in version 2.3.1.6."},{"lang":"es","value":"iccDEV proporciona un conjunto de bibliotecas y herramientas para trabajar con perfiles de gestión de color ICC. Antes de la versión 2.3.1.6, un perfil ICC manipulado y una entrada TIFF pueden desencadenar un desbordamiento de búfer de pila (HBO) en CTiffImg::WriteLine(). El problema es observable bajo AddressSanitizer como una lectura de pila fuera de límites al ejecutar iccSpecSepToTiff en un par malicioso de .icc + .tif, provocando un fallo durante la escritura de tiras TIFF. Este problema ha sido parcheado en la versión 2.3.1.6."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":6.2,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.5,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-122"}]}],"references":[{"url":"https://github.com/InternationalColorConsortium/iccDEV/issues/672","source":"security-advisories@github.com"},{"url":"https://github.com/InternationalColorConsortium/iccDEV/pull/686","source":"security-advisories@github.com"},{"url":"https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-4f3j-q8mm-5hr6","source":"security-advisories@github.com"}]}}]}