March 31, 2026

CVE-2026-34555

MEDIUM SEVERITY

Executive Summary

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, there is a stack-buffer-overflow (SBO) in CIccTagFixedNum<>::GetValues() and a related bug chain. The primary crash is an AddressSanitizer-reported WRITE of size 4 that overflows a 4-byte stack variable (rv) via the call chain CIccTagFixedNum::GetValues() -> CIccTagStruct::GetElemNumberValue(). This issue has been patched in version 2.3.1.6.

Quantitative Risk Analysis

6.2CVSS v3.1 BASE
31OSVAULT RISK
EPSS Probability
0.0% (chance of exploit in 30 days)
Exploit Maturity
UNPROVEN

Attack Vector Profile

The payload vectors broken down by magnitude impact and ease-of-deployment factor mapping.

Attack VectorLocalAttack ComplexityLowPrivileges RequiredNoneUser InteractionNoneScopeUnchangedConfidentiality ImpactNoneIntegrity ImpactNoneAvailability ImpactHigh
Raw Vector ArrayCVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

What This Means For Your System

Each point below is derived directly from this CVE's CVSS v3.1 vector — not editorial opinion.

1

Requires local system access; remote exploitation is not possible.

2

No special preconditions — the attack is reliably repeatable.

3

No authentication required — unauthenticated attackers can exploit directly.

4

No user interaction required — the attacker acts autonomously.

5

Successful exploitation causes: total service availability loss.

OsVault Risk Score Methodology

The OsVault composite score is a 5-layer non-linear engine — not a simple weighted average. Each input signal is transformed through mathematically appropriate curves before blending, ensuring that exploitability context overrides raw severity when warranted.

LayerSignalThis CVETransformed Value
L1Technical SeverityCVSS 6.2/1045.7 (piecewise exponential × vector modifiers)
L2Threat IntelligenceEPSS 0.016% · Unproven27.8 (sigmoid EPSS k=40 + maturity tier base)
L3CISA KEV StatusNot listedNo floor applied
Composite: 50% Technical + 40% Threat + 10% Context31

Layer 1 (Technical): CVSS is mapped through a piecewise exponential curve with 4 bands (LOW 0–20, MEDIUM 20–55, HIGH 55–85, CRITICAL 85–100), then multiplied by full CVSS vector decomposition factors for Attack Vector, Complexity, Privileges, and User Interaction.

Layer 2 (Threat): Raw EPSS is passed through a logistic sigmoid (k=40, midpoint=0.05) to maximize discrimination in the decision-relevant range. The result is added to an exploit maturity tier base score (Weaponized: 85, Functional: 55, PoC: 40, Unproven: 18).

Layer 3 (KEV Floor):Any CVE in CISA's catalog receives a hard minimum of 93.0 (Functional) or 97.0 (Weaponized). This ensures confirmed exploitation is never buried by low CVSS scores.

Scores ≥70: patch immediately. 40–69: schedule within current sprint. Below 40: standard maintenance cycle.

Relevant Threat Intelligence

Similar MEDIUM Severity Vulnerabilities

CVE-2016-20054MEDIUM

Nodcms contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized administrative actions by crafting malicious forms. Attackers can trick authenticated administrators into submitting requests to admin/user_manipulate and admin/settings/generall endpoints to create users or modify application settings without explicit consent.

CVE-2026-5527MEDIUM

A weakness has been identified in Tenda 4G03 Pro 1.0/1.0re/01.bin/04.03.01.53. Affected by this issue is some unknown functionality of the file /etc/www/pem/server.key of the component ECDSA P-256 Private Key Handler. This manipulation causes use of hard-coded cryptographic key . It is possible to initiate the attack remotely.

CVE-2026-5528MEDIUM

A security vulnerability has been detected in MoussaabBadla code-screenshot-mcp up to 0.1.0. This affects an unknown part of the component HTTP Interface. Such manipulation leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-5529MEDIUM

A vulnerability was detected in Dromara lamp-cloud up to 5.8.1. This vulnerability affects the function pageUser of the file /defUser/pageUser of the component DefUserController. Performing a manipulation results in improper authorization. The attack can be initiated remotely. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.

Other Vulnerabilities from March 2026

CVE-2026-5237HIGH

A security flaw has been discovered in itsourcecode Payroll Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /manage_user.php of the component Parameter Handler. Performing a manipulation of the argument ID results in sql injection. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks.

CVE-2026-5236MEDIUM

A vulnerability was identified in Axiomatic Bento4 up to 1.6.0-641. Affected is the function AP4_BitReader::SkipBits of the file Ap4Dac4Atom.cpp of the component DSI v1 Parser. Such manipulation of the argument n_presentations leads to heap-based buffer overflow. The attack needs to be performed locally. The exploit is publicly available and might be used. The project was informed of the problem early through an issue report but has not responded yet.

CVE-2026-5235MEDIUM

A vulnerability was determined in Axiomatic Bento4 up to 1.6.0-641. This impacts the function AP4_BitReader::ReadCache of the file Ap4Dac4Atom.cpp of the component MP4 File Parser. This manipulation causes heap-based buffer overflow. The attack needs to be launched locally. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through an issue report but has not responded yet.

CVE-2026-34556MEDIUM

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, there is a heap-buffer-overflow (HBO) in icAnsiToUtf8() in the XML conversion path. The issue is triggered by a crafted ICC profile which causes icAnsiToUtf8(std::string&, char const*) to treat an input buffer as a C-string and call operations that rely on strlen()/null-termination. AddressSanitizer reports an out-of-bounds READ of size 115 past a 114-byte heap allocation, with the failure observed while running the iccToXml tool. This issue has been patched in version 2.3.1.6.

Are you affected by CVE-2026-34555?

Integrate OsVault's static analysis engine directly into your repository to uncover unreachable downstream vulnerabilities implicitly bypassing your firewall rules.

Run Platform Scan →