CVE-2026-34552

// PoC for CVE-2026-34552: Null Pointer Dereference in iccDEV // This code demonstrates the concept of the vulnerability. // Requires linking against the vulnerable iccDEV library version < 2.3.1.6 #include <iostream> #include "IccTagLut.h" // Assuming header file exists int main() { std::cout << "[+] Attempting to trigger CVE-2026-34552..." << std::endl; // Simulation of the vulnerable condition // In the real scenario, a malformed ICC profile or specific API call // leads to a null 'CIccApplyCLUT' object inside IccTagLut. CIccApplyCLUT* nullObject = nullptr; try { // This mimics the code path in IccTagLut.cpp causing the crash // Direct member access through null pointer -> Undefined Behavior -> Crash // (Actual trigger depends on internal library usage) if (nullObject == nullptr) { std::cout << "[!] Triggering null pointer access..." << std::endl; // The following line would cause the crash in the vulnerable version // nullObject->Process(); } } catch (...) { std::cout << "[!] Exception caught." << std::endl; } return 0; }

{"cve": {"id": "CVE-2026-34552", "sourceIdentifier": "[email protected]", "published": "2026-03-31T23:17:10.270", "lastModified": "2026-04-20T14:34:19.123", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, there is an Undefined Behavior (UB) issue in IccTagLut.cpp where the code performs member access through a null pointer of type CIccApplyCLUT. This issue has been patched in version 2.3.1.6."}, {"lang": "es", "value": "iccDEV proporciona un conjunto de bibliotecas y herramientas para trabajar con perfiles de gestión de color ICC. Antes de la versión 2.3.1.6, existe un problema de Comportamiento Indefinido (UB) en IccTagLut.cpp donde el código realiza acceso a miembros a través de un puntero nulo de tipo CIccApplyCLUT. Este problema ha sido parcheado en la versión 2.3.1.6."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "baseScore": 6.2, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.5, "impactScore": 3.6}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-476"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:color:iccdev:*:*:*:*:*:*:*:*", "versionEndExcluding": "2.3.1.6", "matchCriteriaId": "DE133F29-9592-4669-8B76-9F7C88EFE17D"}]}]}], "references": [{"url": "https://github.com/InternationalColorConsortium/iccDEV/issues/701", "source": "[email protected]", "tags": ["Issue Tracking", "Exploit"]}, {"url": "https://github.com/InternationalColorConsortium/iccDEV/pull/730", "source": "[email protected]", "tags": ["Issue Tracking", "Patch"]}, {"url": "https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-wgh5-wvv2-r8pq", "source": "[email protected]", "tags": ["Patch", "Vendor Advisory"]}]}}