{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-22T21:16:39.174","vulnerabilities":[{"cve":{"id":"CVE-2026-34540","sourceIdentifier":"security-advisories@github.com","published":"2026-03-31T22:16:21.600","lastModified":"2026-04-20T13:53:34.300","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile can trigger a heap-buffer-overflow (HBO) in icMemDump() when iccDumpProfile attempts to dump/describe malformed tag contents. The issue is observable under AddressSanitizer as an out-of-bounds heap read in icMemDump(...) at IccProfLib/IccUtil.cpp:1002, reachable via CIccTagUnknown::Describe(). This issue has been patched in version 2.3.1.6."},{"lang":"es","value":"iccDEV proporciona un conjunto de bibliotecas y herramientas para trabajar con perfiles de gestión de color ICC. Antes de la versión 2.3.1.6, un perfil ICC manipulado puede desencadenar un desbordamiento de búfer de pila (HBO) en icMemDump() cuando iccDumpProfile intenta volcar/describir contenidos de etiquetas malformados. El problema es observable bajo AddressSanitizer como una lectura de pila fuera de límites en icMemDump(...) en IccProfLib/IccUtil.cpp:1002, alcanzable a través de CIccTagUnknown::Describe(). Este problema ha sido parcheado en la versión 2.3.1.6."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":6.2,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.5,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-122"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:color:iccdev:*:*:*:*:*:*:*:*","versionEndExcluding":"2.3.1.6","matchCriteriaId":"DE133F29-9592-4669-8B76-9F7C88EFE17D"}]}]}],"references":[{"url":"https://github.com/InternationalColorConsortium/iccDEV/issues/674","source":"security-advisories@github.com","tags":["Issue Tracking","Exploit"]},{"url":"https://github.com/InternationalColorConsortium/iccDEV/pull/689","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-gjx3-6cp6-q2x5","source":"security-advisories@github.com","tags":["Patch","Vendor Advisory"]},{"url":"https://github.com/InternationalColorConsortium/iccDEV/issues/674","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Issue Tracking","Exploit"]},{"url":"https://github.com/InternationalColorConsortium/iccDEV/pull/689","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Issue Tracking","Patch"]}]}}]}