CVE-2026-27692

iccDEV provides a set of libraries and tools for working with ICC color management profiles. In versions up to and including 2.3.1.4, heap-buffer-overflow read occurs during CIccTagTextDescription::Release() when strlen() reads past a heap buffer while parsing ICC profile XML text description tags, causing a crash. Commit 29d088840b962a7cdd35993dfabc2cb35a049847 fixes the issue. No known workarounds are available.

CVSS v3 7.1 HIGH

7.1^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.2

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/InternationalColorConsortium/iccDEV/commit/29d088840b962a7cdd35993dfabc2cb35a049847	Patch
https://github.com/InternationalColorConsortium/iccDEV/issues/609	Exploit Issue Tracking
https://github.com/InternationalColorConsortium/iccDEV/pull/610	Issue Tracking Patch
https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-3869-prw8-gjqr	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:color:iccdev:*:*:*:*:*:*:*:*

History

26 Feb 2026, 15:43

Type	Values Removed	Values Added
CPE		cpe:2.3:a:color:iccdev::::::::
First Time		Color Color iccdev
References	~~() https://github.com/InternationalColorConsortium/iccDEV/commit/29d088840b962a7cdd35993dfabc2cb35a049847 -~~	() https://github.com/InternationalColorConsortium/iccDEV/commit/29d088840b962a7cdd35993dfabc2cb35a049847 - Patch
References	~~() https://github.com/InternationalColorConsortium/iccDEV/issues/609 -~~	() https://github.com/InternationalColorConsortium/iccDEV/issues/609 - Exploit, Issue Tracking
References	~~() https://github.com/InternationalColorConsortium/iccDEV/pull/610 -~~	() https://github.com/InternationalColorConsortium/iccDEV/pull/610 - Issue Tracking, Patch
References	~~() https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-3869-prw8-gjqr -~~	() https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-3869-prw8-gjqr - Vendor Advisory

25 Feb 2026, 15:22

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-02-25 15:20

Updated : 2026-02-26 15:43

NVD link : CVE-2026-27692

Mitre link : CVE-2026-27692

CVE.ORG link : CVE-2026-27692

JSON object : View

Products Affected

color

iccdev

CWE

CWE-125

Out-of-bounds Read

CWE-170

Improper Null Termination

CWE-787

Out-of-bounds Write

7.1 /10