CVE-2026-34553: CWE-562: Return of Stack Variable Address in InternationalColorConsortium iccDEV
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, there is a defect in LUT dump/iteration logic affecting CIccCLUT::Iterate() and output produced by CIccMBB::Describe() (via CLUT dumping). This issue has been patched in version 2.3.1.6.
AI Analysis
Technical Summary
CVE-2026-34553 is a medium severity vulnerability in the InternationalColorConsortium's iccDEV library, affecting versions prior to 2.3.1.6. The flaw involves a defect in the lookup table (LUT) dump and iteration logic, specifically in the CIccCLUT::Iterate() method and the output generated by CIccMBB::Describe(), which uses CLUT dumping. The root cause is related to returning the address of a stack variable (CWE-562), which can cause incorrect behavior or logic errors (CWE-665). This defect has been fixed in iccDEV version 2.3.1.6.
Potential Impact
The vulnerability does not affect confidentiality or availability but may lead to integrity issues due to incorrect output or logic errors in color profile processing. There are no reports of exploitation in the wild. The impact is limited to local attack vectors (AV:L) with low complexity and no privileges required, but no user interaction is needed.
Mitigation Recommendations
Upgrade to iccDEV version 2.3.1.6 or later, where this vulnerability has been patched. Since this is a non-cloud product, users must apply the update manually. Patch status is confirmed by the vendor advisory indicating the fix is included in version 2.3.1.6.
CVE-2026-34553: CWE-562: Return of Stack Variable Address in InternationalColorConsortium iccDEV
Description
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, there is a defect in LUT dump/iteration logic affecting CIccCLUT::Iterate() and output produced by CIccMBB::Describe() (via CLUT dumping). This issue has been patched in version 2.3.1.6.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-34553 is a medium severity vulnerability in the InternationalColorConsortium's iccDEV library, affecting versions prior to 2.3.1.6. The flaw involves a defect in the lookup table (LUT) dump and iteration logic, specifically in the CIccCLUT::Iterate() method and the output generated by CIccMBB::Describe(), which uses CLUT dumping. The root cause is related to returning the address of a stack variable (CWE-562), which can cause incorrect behavior or logic errors (CWE-665). This defect has been fixed in iccDEV version 2.3.1.6.
Potential Impact
The vulnerability does not affect confidentiality or availability but may lead to integrity issues due to incorrect output or logic errors in color profile processing. There are no reports of exploitation in the wild. The impact is limited to local attack vectors (AV:L) with low complexity and no privileges required, but no user interaction is needed.
Mitigation Recommendations
Upgrade to iccDEV version 2.3.1.6 or later, where this vulnerability has been patched. Since this is a non-cloud product, users must apply the update manually. Patch status is confirmed by the vendor advisory indicating the fix is included in version 2.3.1.6.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-03-30T16:31:39.264Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 69cd7651e6bfc5ba1df0b2fb
Added to database: 4/1/2026, 7:47:29 PM
Last enriched: 4/9/2026, 10:44:26 PM
Last updated: 5/15/2026, 11:51:40 PM
Views: 78
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.