Description
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, there is a defect in LUT dump/iteration logic affecting CIccCLUT::Iterate() and output produced by CIccMBB::Describe() (via CLUT dumping). This issue has been patched in version 2.3.1.6.
Published: 2026-03-31
Score: 4 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Immediate Patch
AI Analysis

Impact

The defect in iccDEV’s CIccCLUT::Iterate() and the CLUT dumping logic used by CIccMBB::Describe() can cause the library to consume excessive resources or crash, leading to a denial of service. This vulnerability is classified under CWE-562 and CWE-665, indicating issues with resource management and buffer handling. The impact is a loss of availability for any application that processes ICC profiles using these functions.

Affected Systems

International Color Consortium’s iccDEV library in all versions prior to 2.3.1.6. The affected code resides in the CIccCLUT::Iterate() function and the CLUT dumping path of CIccMBB::Describe(). Any system that loads or processes ICC profiles with a vulnerable version of iccDEV is at risk.

Risk and Exploitability

The CVSS score of 4.0 indicates a medium to low severity. No EPSS score is available, and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector is local or remote, depending on how the application uses iccDEV; an attacker could trigger the DoS by supplying crafted ICC profile data that exercises the vulnerable logic. Because exploitation requires the library to be loaded and the specific code path to be invoked, the overall risk remains moderate. Prompt remediation is still recommended due to the availability impact.

Generated by OpenCVE AI on April 1, 2026 at 06:34 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade iccDEV to version 2.3.1.6 or later
  • Rebuild or update dependent applications to reference the patched library
  • If an upgrade cannot be performed immediately, restrict usage of CLUT dumping or CIccMBB::Describe() to trusted inputs only
  • Monitor application logs for repeated failures or resource exhaustion that may indicate exploitation attempts

Advisories

No advisories yet.

History

Mon, 20 Apr 2026 14:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Color, Color iccdev |
| CPEs | | cpe:2.3:a:color:iccdev:*:*:*:*:*:*:*:* |
| Vendors & Products | | Color, Color iccdev |

Fri, 03 Apr 2026 17:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |

Thu, 02 Apr 2026 20:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Internationalcolorconsortium, Internationalcolorconsortium iccdev |
| Vendors & Products | | Internationalcolorconsortium, Internationalcolorconsortium iccdev |

Wed, 01 Apr 2026 02:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, there is a defect in LUT dump/iteration logic affecting CIccCLUT::Iterate() and output produced by CIccMBB::Describe() (via CLUT dumping). This issue has been patched in version 2.3.1.6. |
| Title | | iccDEV: DoS in CIccCLUT::Iterate() & CIccMBB::Describe() |
| Weaknesses | | CWE-562, CWE-665 |
| References | | |
| Metrics | | cvssV3_1: {'score': 4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N'} |

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-04-03T16:42:40.873Z

Reserved: 2026-03-30T16:31:39.264Z

Link: CVE-2026-34553

Vulnrichment

Updated: 2026-04-03T16:42:36.440Z

NVD

Status: Analyzed

Published: 2026-03-31T23:17:10.460

Modified: 2026-04-20T14:36:32.003

Link: CVE-2026-34553

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-02T20:10:03Z

Weaknesses