CVE-2026-27692

{"id": "CVE-2026-27692", "cveTags": [], "metrics": {"ssvcV203": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "ssvcData": {"id": "CVE-2026-27692", "role": "CISA Coordinator", "options": [{"exploitation": "poc"}, {"automatable": "no"}, {"technicalImpact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-25T20:42:45.836415Z"}}], "cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 1.8}]}, "affected": [{"source": "security-advisories@github.com", "affectedData": [{"vendor": "InternationalColorConsortium", "product": "iccDEV", "versions": [{"status": "affected", "version": "<= 2.3.1.4"}]}]}], "published": "2026-02-25T15:20:52.727", "references": [{"url": "https://github.com/InternationalColorConsortium/iccDEV/commit/29d088840b962a7cdd35993dfabc2cb35a049847", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/InternationalColorConsortium/iccDEV/issues/609", "tags": ["Exploit", "Issue Tracking"], "source": "security-advisories@github.com"}, {"url": "https://github.com/InternationalColorConsortium/iccDEV/pull/610", "tags": ["Issue Tracking", "Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-3869-prw8-gjqr", "tags": ["Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-125"}, {"lang": "en", "value": "CWE-170"}, {"lang": "en", "value": "CWE-787"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "iccDEV provides a set of libraries and tools for working with ICC color management profiles. In versions up to and including 2.3.1.4, heap-buffer-overflow read occurs during CIccTagTextDescription::Release() when strlen() reads past a heap buffer while parsing ICC profile XML text description tags, causing a crash. Commit 29d088840b962a7cdd35993dfabc2cb35a049847 fixes the issue. No known workarounds are available."}, {"lang": "es", "value": "iccDEV proporciona un conjunto de librer\u00edas y herramientas para trabajar con perfiles ICC de gesti\u00f3n de color. En versiones hasta la 2.3.1.4 inclusive, se produce una lectura de desbordamiento de b\u00fafer de mont\u00f3n durante CIccTagTextDescription::Release() cuando strlen() lee m\u00e1s all\u00e1 de un b\u00fafer de mont\u00f3n mientras analiza etiquetas de descripci\u00f3n de texto XML de perfiles ICC, causando un fallo. El commit 29d088840b962a7cdd35993dfabc2cb35a049847 corrige el problema. No se conocen soluciones alternativas disponibles."}], "lastModified": "2026-06-17T10:27:31.630", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:color:iccdev:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "13349570-1947-4F22-8E72-1B0AB45D143F", "versionEndIncluding": "2.3.1.4"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}