What is CVE-2026-34552?

CVE-2026-34552 is a medium-severity vulnerability in Internationalcolorconsortium Iccdev, classified under NULL Pointer Dereference. CVSS score: 6.2/10. Published 2026-03-31.

How severe is CVE-2026-34552?

Medium severity. CVSS v3 base score is 6.2 out of 10.

NULL pointer dereference in Internationalcolorconsortium Iccdev

CVE-2026-34552

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, there is an Undefined Behavior (UB) issue in IccTagLut.cpp where the code performs member access through a null pointer…

EPSS: 0.000 (4.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.2 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.

Affected products

Internationalcolorconsortium Iccdev — versions < 2.3.1.6

Weakness classification (CWE)

CWE-476 — NULL Pointer Dereference

References

https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-wgh5-wvv2-r8pq (x_refsource_CONFIRM)
https://github.com/InternationalColorConsortium/iccDEV/issues/701 (x_refsource_MISC)
https://github.com/InternationalColorConsortium/iccDEV/pull/730 (x_refsource_MISC)

Frequently asked questions

What is CVE-2026-34552?: CVE-2026-34552 is a medium-severity vulnerability in Internationalcolorconsortium Iccdev, classified under NULL Pointer Dereference. CVSS score: 6.2/10. Published 2026-03-31.
How severe is CVE-2026-34552?: Medium severity. CVSS v3 base score is 6.2 out of 10.