What is CVE-2026-34548?

CVE-2026-34548 is a medium-severity vulnerability in Internationalcolorconsortium Iccdev, classified under Incorrect Conversion between Numeric Types. CVSS score: 6.2/10. Published 2026-03-31.

How severe is CVE-2026-34548?

Medium severity. CVSS v3 base score is 6.2 out of 10.

Vulnerability in Internationalcolorconsortium Iccdev

CVE-2026-34548

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, there is an Undefined Behavior (UB) condition in the XML conversion tooling path (iccToXml) caused by an implicit conver…

EPSS: 0.000 (4.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.2 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.

Affected products

Internationalcolorconsortium Iccdev — versions < 2.3.1.6

Weakness classification (CWE)

CWE-681 — Incorrect Conversion between Numeric Types

References

https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-prwp-9gv6-ccxv (x_refsource_CONFIRM)
https://github.com/InternationalColorConsortium/iccDEV/issues/722 (x_refsource_MISC)
https://github.com/InternationalColorConsortium/iccDEV/pull/725 (x_refsource_MISC)

Frequently asked questions

What is CVE-2026-34548?: CVE-2026-34548 is a medium-severity vulnerability in Internationalcolorconsortium Iccdev, classified under Incorrect Conversion between Numeric Types. CVSS score: 6.2/10. Published 2026-03-31.
How severe is CVE-2026-34548?: Medium severity. CVSS v3 base score is 6.2 out of 10.