CVE-2026-27692 | THREATINT

Description

iccDEV provides a set of libraries and tools for working with ICC color management profiles. In versions up to and including 2.3.1.4, heap-buffer-overflow read occurs during CIccTagTextDescription::Release() when strlen() reads past a heap buffer while parsing ICC profile XML text description tags, causing a crash. Commit 29d088840b962a7cdd35993dfabc2cb35a049847 fixes the issue. No known workarounds are available.

PUBLISHED Reserved 2026-02-23 | Published 2026-02-25 | Updated 2026-02-25 | Assigner GitHub_M

HIGH: 7.1CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

Problem types

CWE-125: Out-of-bounds Read

CWE-170: Improper Null Termination

CWE-787: Out-of-bounds Write

Product status

<= 2.3.1.4

affected

References

github.com/...iccDEV/security/advisories/GHSA-3869-prw8-gjqr

github.com/InternationalColorConsortium/iccDEV/issues/609

github.com/InternationalColorConsortium/iccDEV/pull/610

github.com/...ommit/29d088840b962a7cdd35993dfabc2cb35a049847

cve.org (CVE-2026-27692)

nvd.nist.gov (CVE-2026-27692)

Download JSON