CVE-2026-27692

iccDEV provides a set of libraries and tools for working with ICC color management profiles. In versions up to and including 2.3.1.4, heap-buffer-overflow read occurs during CIccTagTextDescription::Release() when strlen() reads past a heap buffer while parsing ICC profile XML text description tags, causing a crash. Commit 29d088840b962a7cdd35993dfabc2cb35a049847 fixes the issue. No known workarounds are available.

CVSS v3 7.1 HIGH

7.1^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.2

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/InternationalColorConsortium/iccDEV/commit/29d088840b962a7cdd35993dfabc2cb35a049847	Patch
https://github.com/InternationalColorConsortium/iccDEV/issues/609	Exploit Issue Tracking
https://github.com/InternationalColorConsortium/iccDEV/pull/610	Issue Tracking Patch
https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-3869-prw8-gjqr	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:color:iccdev:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2026-02-25 15:20

Updated : 2026-02-26 15:43

NVD link : CVE-2026-27692

Mitre link : CVE-2026-27692

CVE.ORG link : CVE-2026-27692

JSON object : View

Products Affected

color

iccdev

CWE

CWE-125

Out-of-bounds Read

CWE-170

Improper Null Termination

CWE-787

Out-of-bounds Write

{"id": "CVE-2026-27692", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 1.8}]}, "published": "2026-02-25T15:20:52.727", "references": [{"url": "https://github.com/InternationalColorConsortium/iccDEV/commit/29d088840b962a7cdd35993dfabc2cb35a049847", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/InternationalColorConsortium/iccDEV/issues/609", "tags": ["Exploit", "Issue Tracking"], "source": "security-advisories@github.com"}, {"url": "https://github.com/InternationalColorConsortium/iccDEV/pull/610", "tags": ["Issue Tracking", "Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-3869-prw8-gjqr", "tags": ["Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-125"}, {"lang": "en", "value": "CWE-170"}, {"lang": "en", "value": "CWE-787"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "iccDEV provides a set of libraries and tools for working with ICC color management profiles. In versions up to and including 2.3.1.4, heap-buffer-overflow read occurs during CIccTagTextDescription::Release() when strlen() reads past a heap buffer while parsing ICC profile XML text description tags, causing a crash. Commit 29d088840b962a7cdd35993dfabc2cb35a049847 fixes the issue. No known workarounds are available."}, {"lang": "es", "value": "iccDEV proporciona un conjunto de librer\u00edas y herramientas para trabajar con perfiles ICC de gesti\u00f3n de color. En versiones hasta la 2.3.1.4 inclusive, se produce una lectura de desbordamiento de b\u00fafer de mont\u00f3n durante CIccTagTextDescription::Release() cuando strlen() lee m\u00e1s all\u00e1 de un b\u00fafer de mont\u00f3n mientras analiza etiquetas de descripci\u00f3n de texto XML de perfiles ICC, causando un fallo. El commit 29d088840b962a7cdd35993dfabc2cb35a049847 corrige el problema. No se conocen soluciones alternativas disponibles."}], "lastModified": "2026-02-26T15:43:56.077", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:color:iccdev:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "13349570-1947-4F22-8E72-1B0AB45D143F", "versionEndIncluding": "2.3.1.4"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}