SB2026043050 - Multiple vulnerabilities in iccDEV



SB2026043050 - Multiple vulnerabilities in iccDEV

Published: April 30, 2026 Updated: May 5, 2026

Security Bulletin ID SB2026043050
CSH Severity
Medium
Patch available
YES
Number of vulnerabilities 37
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 22% Medium 22% Low 57%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 37 vulnerabilities.


1) Out-of-bounds read (CVE-ID: CVE-2026-31797)

CWE-ID: CWE-125 - Out-of-bounds read

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to disclose sensitive information or cause a denial of service.

The vulnerability exists due to out-of-bounds read in CTiffImg::ReadLine() when iccApplyProfiles processes a crafted TIFF image. A remote attacker can trick the victim into processing a crafted TIFF image to disclose sensitive information or cause a denial of service.

User interaction is required to process the crafted TIFF image.


2) Heap-based buffer overflow (CVE-ID: CVE-2026-31796)

CWE-ID: CWE-122 - Heap-based Buffer Overflow

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code or cause a denial of service.

The vulnerability exists due to heap-based buffer overflow in icCurvesFromXml() when parsing crafted XML input. A remote attacker can trick the victim into opening specially crafted XML content to execute arbitrary code or cause a denial of service.

User interaction is required to process the crafted XML content.


3) Stack-based buffer overflow (CVE-ID: CVE-2026-31795)

CWE-ID: CWE-121 - Stack-based buffer overflow

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code or cause a denial of service.

The vulnerability exists due to stack-based buffer overflow in CIccXform3DLut::Apply() when processing crafted input. A remote attacker can trick the victim into processing crafted input to execute arbitrary code or cause a denial of service.

User interaction is required to process the crafted input.


4) Out-of-bounds read (CVE-ID: CVE-2026-31794)

CWE-ID: CWE-125 - Out-of-bounds read

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to out-of-bounds read in CIccCLUT::Interp3d() when parsing crafted input. A remote attacker can supply crafted input to cause a denial of service.

User interaction is required to process the crafted input.


5) Out-of-bounds read (CVE-ID: CVE-2026-31793)

CWE-ID: CWE-125 - Out-of-bounds read

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to out-of-bounds read in CIccCalculatorFunc::ApplySequence() when processing crafted input. A remote attacker can trigger a segmentation fault to cause a denial of service.

User interaction is required to process the crafted input.


6) NULL pointer dereference (CVE-ID: CVE-2026-31792)

CWE-ID: CWE-476 - NULL Pointer Dereference

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to a null pointer dereference in CIccTagXmlStruct::ParseTag() when parsing input. A remote attacker can trick the victim into processing crafted input to cause a denial of service.

User interaction is required to process the crafted input.


7) Stack-based buffer overflow (CVE-ID: CVE-2026-30987)

CWE-ID: CWE-121 - Stack-based buffer overflow

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code or cause a denial of service.

The vulnerability exists due to stack-based buffer overflow in CIccTagNum<(icTagTypeSignature)>::GetValues() when parsing crafted input. A remote attacker can trick the victim into processing crafted input to execute arbitrary code or cause a denial of service.

User interaction is required to process the crafted input.


8) Heap-based buffer overflow (CVE-ID: CVE-2026-30986)

CWE-ID: CWE-122 - Heap-based Buffer Overflow

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to heap-based buffer overflow in CIccMatrixMath::SetRange() when processing crafted input. A remote attacker can trigger the vulnerable code path to cause a denial of service.

User interaction is required to process malicious input.


9) Heap-based buffer overflow (CVE-ID: CVE-2026-30985)

CWE-ID: CWE-122 - Heap-based Buffer Overflow

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code or cause a denial of service.

The vulnerability exists due to heap-based buffer overflow in CIccMatrixMath::SetRange() when parsing input. A remote attacker can trick the victim into processing crafted input to execute arbitrary code or cause a denial of service.

User interaction is required to process the crafted input.


10) Out-of-bounds read (CVE-ID: CVE-2026-30984)

CWE-ID: CWE-125 - Out-of-bounds read

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to out-of-bounds read in CIccCalculatorFunc::ApplySequence() when parsing crafted input. A remote attacker can trick the victim into processing crafted input to cause a denial of service.

User interaction is required to process the crafted input.


11) Stack-based buffer overflow (CVE-ID: CVE-2026-30983)

CWE-ID: CWE-121 - Stack-based buffer overflow

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to stack-based buffer overflow in icFixXml() when parsing crafted input. A remote attacker can trick the victim into processing specially crafted input to execute arbitrary code.

User interaction is required to process the crafted input.


12) Out-of-bounds read (CVE-ID: CVE-2026-30982)

CWE-ID: CWE-125 - Out-of-bounds read

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to disclose sensitive information and cause a denial of service.

The vulnerability exists due to out-of-bounds read in CIccPcsXform::pushXYZConvert() when parsing crafted input. A remote attacker can trigger the vulnerable function with crafted input to disclose sensitive information and cause a denial of service.

User interaction is required to process the crafted input.


13) Out-of-bounds read (CVE-ID: CVE-2026-30981)

CWE-ID: CWE-125 - Out-of-bounds read

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to disclose sensitive information and cause a denial of service.

The vulnerability exists due to out-of-bounds read in CIccXmlArrayType<>::DumpArray() when parsing input. A remote attacker can trick the victim into opening or processing specially crafted input to disclose sensitive information and cause a denial of service.

User interaction is required to process the crafted input.


14) Uncontrolled Recursion (CVE-ID: CVE-2026-30980)

CWE-ID: CWE-674 - Uncontrolled Recursion

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to uncontrolled recursion in CIccBasicStructFactory::CreateStruct() when processing crafted input. A remote attacker can trigger uncontrolled recursion and stack exhaustion to cause a denial of service.

User interaction is required to process the crafted input.


15) Heap-based buffer overflow (CVE-ID: CVE-2026-30979)

CWE-ID: CWE-122 - Heap-based Buffer Overflow

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to heap-based buffer overflow in CIccCalculatorFunc::InitSelectOp() when parsing crafted input. A remote attacker can trick the victim into processing crafted input to execute arbitrary code.

User interaction is required to process the crafted input.


16) Use-after-free (CVE-ID: CVE-2026-30978)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code or cause a denial of service.

The vulnerability exists due to use-after-free in CIccCmm::AddXform() when processing crafted input. A remote attacker can trigger an invalid vptr dereference to execute arbitrary code or cause a denial of service.

User interaction is required to process the crafted input.


17) NULL pointer dereference (CVE-ID: CVE-2026-34551)

CWE-ID: CWE-476 - NULL Pointer Dereference

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to null pointer dereference in CIccTagLut16::Write() when processing a crafted ICC profile during iccTiffDump extraction and profile serialization. A remote attacker can supply a crafted ICC profile to cause a denial of service.

The crash is reported as a reference binding to a null pointer originating from CIccTagCurve::operator[].


18) Incorrect Conversion between Numeric Types (CVE-ID: CVE-2026-34550)

CWE-ID: CWE-681 - Incorrect Conversion between Numeric Types

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to incorrect conversion between numeric types in IccProfLib/IccIO.cpp when processing a crafted ICC profile in iccDumpProfileGui. A remote attacker can supply a specially crafted ICC profile to cause a denial of service.

The issue is triggered by an implicit conversion from a negative signed integer to size_t, which can lead to undefined behavior and unpredictable process behavior.


19) Reliance on undefined behavior (CVE-ID: CVE-2026-34549)

CWE-ID: CWE-758 - Reliance on Undefined, Unspecified, or Implementation-Defined Behavior

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to reliance on undefined behavior in IccUtil.cpp when parsing a crafted input profile. A remote attacker can supply a crafted input profile to cause a denial of service.

The issue is triggered by invalid left shift operations on icUInt32Number reported at lines 1253, 1130, and 1088.


20) Incorrect Conversion between Numeric Types (CVE-ID: CVE-2026-34548)

CWE-ID: CWE-681 - Incorrect Conversion between Numeric Types

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to incorrect conversion between numeric types in IccUtilXml.cpp when processing a profile extracted from a crafted TIFF through the iccToXml XML conversion path. A remote attacker can supply a crafted TIFF-derived ICC profile to cause a denial of service.

The issue is triggered by an implicit conversion from a negative signed integer to an unsigned 32-bit value.


21) Reliance on undefined behavior (CVE-ID: CVE-2026-34547)

CWE-ID: CWE-758 - Reliance on Undefined, Unspecified, or Implementation-Defined Behavior

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to reliance on undefined behavior in IccUtil.cpp when parsing a crafted ICC profile with iccDumpProfile. A remote attacker can supply a specially crafted ICC profile to cause a denial of service.

The issue is triggered while running iccDumpProfile on malformed profile data.


22) Division by zero (CVE-ID: CVE-2026-34546)

CWE-ID: CWE-369 - Divide By Zero

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to division by zero in TiffImg.h when parsing a crafted TIFF file with iccTiffDump. A remote attacker can supply a specially crafted TIFF file to cause a denial of service.


23) Stack-based buffer overflow (CVE-ID: CVE-2026-34542)

CWE-ID: CWE-121 - Stack-based buffer overflow

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to stack-based buffer overflow in CIccCalculatorFunc::Apply() when processing a crafted ICC profile via iccApplyNamedCmm. A remote attacker can supply a specially crafted ICC profile to cause a denial of service.

The issue is reachable through the MPE calculator and curve set initialization path.


24) Path traversal (CVE-ID: CVE-2026-44647)

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote user to disclose sensitive information.

The vulnerability exists due to path traversal in Git LFS pointer resolution when processing repository-controlled LFS metadata. A remote user can push a crafted repository object to disclose sensitive information.

Exploitation requires push permission to a repository.


25) NULL pointer dereference (CVE-ID: CVE-2026-34541)

CWE-ID: CWE-476 - NULL Pointer Dereference

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to null pointer dereference in CIccCombinedConnectionConditions::CIccCombinedConnectionConditions() when processing a malformed ICC profile with iccApplyNamedCmm using the -PCC option. A remote attacker can supply a specially crafted ICC profile to cause a denial of service.

The issue is reported in IccProfLib/IccPcc.cpp.


26) Heap-based buffer overflow (CVE-ID: CVE-2026-34540)

CWE-ID: CWE-122 - Heap-based Buffer Overflow

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to heap-based buffer overflow in icMemDump() when dumping malformed tag contents from a crafted ICC profile. A remote attacker can supply a crafted ICC profile to cause a denial of service.

The issue is reachable via CIccTagUnknown::Describe().


27) Heap-based buffer overflow (CVE-ID: CVE-2026-34539)

CWE-ID: CWE-122 - Heap-based Buffer Overflow

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to heap-based buffer overflow in CTiffImg::WriteLine() when processing a crafted ICC profile and TIFF input. A remote attacker can supply a malicious .icc and .tif pair to cause a denial of service.

The issue is observable as an out-of-bounds heap read during TIFF strip writing in iccSpecSepToTiff.


28) Reliance on undefined behavior (CVE-ID: CVE-2026-34537)

CWE-ID: CWE-758 - Reliance on Undefined, Unspecified, or Implementation-Defined Behavior

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to reliance on undefined behavior in CIccOpDefEnvVar::Exec() when processing a crafted ICC profile. A remote attacker can supply a crafted ICC profile with invalid enum values to cause a denial of service.


29) Uncontrolled Recursion (CVE-ID: CVE-2026-34536)

CWE-ID: CWE-674 - Uncontrolled Recursion

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to uncontrolled recursion in SIccCalcOp::ArgsUsed() when processing a crafted ICC profile. A remote attacker can supply a malicious profile to cause a denial of service.

The issue is triggered when iccApplyProfiles processes the crafted profile.


30) Heap-based buffer overflow (CVE-ID: CVE-2026-34535)

CWE-ID: CWE-122 - Heap-based Buffer Overflow

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to heap-based buffer overflow in CIccTagArray::Cleanup() when parsing a crafted ICC profile. A remote attacker can supply a malicious profile to cause a denial of service.

The issue is observable as misaligned member access and invalid reads that crash the process when running iccRoundTrip on the crafted profile.


31) Heap-based buffer overflow (CVE-ID: CVE-2026-34534)

CWE-ID: CWE-122 - Heap-based Buffer Overflow

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to heap-based buffer overflow in CIccMpeSpectralMatrix::Describe() when parsing a crafted ICC profile. A remote attacker can supply a specially crafted ICC profile to cause a denial of service.

The issue is observable as an out-of-bounds heap read when running iccDumpProfile on a malicious profile.


32) Reliance on undefined behavior (CVE-ID: CVE-2026-34533)

CWE-ID: CWE-758 - Reliance on Undefined, Unspecified, or Implementation-Defined Behavior

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to reliance on undefined behavior in CIccCalculatorFunc::ApplySequence() when processing a crafted ICC profile. A remote attacker can supply a crafted ICC profile with invalid enum values to cause a denial of service.

The issue is observable under UBSan as invalid values being loaded for icChannelFuncSignature.


33) Out-of-bounds read (CVE-ID: CVE-2026-34556)

CWE-ID: CWE-125 - Out-of-bounds read

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to out-of-bounds read in icAnsiToUtf8() when parsing a crafted ICC profile in the XML conversion path. A remote attacker can supply a crafted ICC profile to cause a denial of service.

The issue is observed while running the iccToXml tool.


34) Stack-based buffer overflow (CVE-ID: CVE-2026-34555)

CWE-ID: CWE-121 - Stack-based buffer overflow

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to stack-based buffer overflow in CIccTagFixedNum<>::GetValues() when processing a crafted ICC profile. A remote attacker can supply a crafted ICC profile to cause a denial of service.

The issue was observed as a write of size 4 overflowing a 4-byte stack variable through the call chain into CIccTagStruct::GetElemNumberValue().


35) Out-of-bounds read (CVE-ID: CVE-2026-34554)

CWE-ID: CWE-125 - Out-of-bounds read

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to out-of-bounds read in CIccApplyCmmSearch::costFunc() when processing malformed JSON configuration input via the iccApplySearch tool. A remote attacker can supply a specially crafted -cfg JSON file to cause a denial of service.


36) Return of Stack Variable Address (CVE-ID: CVE-2026-34553)

CWE-ID: CWE-562 - Return of Stack Variable Address

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to modify CLUT output.

The vulnerability exists due to return of stack variable address in CIccCLUT::DumpLut() and output produced by CIccMBB::Describe() when dumping CLUT data. A remote attacker can process a crafted ICC profile to modify CLUT output.

The issue is associated with dangling references to stack arrays through temporary buffer usage during CLUT dumping.


37) NULL pointer dereference (CVE-ID: CVE-2026-34552)

CWE-ID: CWE-476 - NULL Pointer Dereference

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to null pointer dereference in IccTagLut.cpp when processing a malformed ICC profile through the LUT application path. A remote attacker can supply a specially crafted ICC profile to cause a denial of service.

The issue was reported at IccTagLut.cpp:3181:31 while running iccRoundTrip on a provided ICC profile.


Remediation

Install update from vendor's website.

References