CVE-2026-27691 - Vulnerability Analysis
Medium | CVSS: 6.2 | Last Updated: February 26, 2026
iccDEV - Buffer Overflow
Published: February 25, 2026 | Updated: February 26, 2026 | PoC Available
Overview
iccDEV up to 2.3.1.4 contains a buffer overflow caused by a signed integer overflow during multiplication in iccFromCube.cpp. Attackers can cause crashes or incorrect ICC profile generation. Exploitation requires crafted large cube inputs.
Severity & Score
Severity: Medium
CVSS Score: 6.2
Impact
Attackers can cause application crashes or generate incorrect ICC profiles, potentially disrupting color management processes.
Mitigation
Update to a version including commit 43ae18dd69fc70190d3632a18a3af2f3da1e052a or later.
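The class of check that prevents this kind of size wrap, as an added example (not iccDEV's code and not the fix from the commit above): it assumes the sample count of a 3D LUT is computed as grid size cubed times the channel count, and the function names and the sample cap are hypothetical.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <optional>

// Hypothetical helper: number of samples in a 3D LUT with `gridSize` points
// per axis and `channels` values per grid point. Returns std::nullopt when
// the inputs are invalid or the product would exceed `maxSamples`, instead
// of letting the multiplication wrap.
std::optional<std::size_t> cubeSampleCount(long long gridSize, long long channels,
                                           std::size_t maxSamples) {
    // Assumption: a usable LUT has at least two points per axis.
    if (gridSize < 2 || channels < 1) return std::nullopt;
    if (static_cast<unsigned long long>(gridSize) > maxSamples ||
        static_cast<unsigned long long>(channels) > maxSamples)
        return std::nullopt;
    const std::size_t n = static_cast<std::size_t>(gridSize);
    std::size_t total = static_cast<std::size_t>(channels);
    for (int axis = 0; axis < 3; ++axis) {
        // Divide before multiplying: total * n would exceed the cap.
        if (total > maxSamples / n) return std::nullopt;
        total *= n;
    }
    return total;
}

// The unchecked pattern for comparison. The product is formed in unsigned
// 32-bit arithmetic so the wrap is well defined here; with plain signed int
// the same overflow is undefined behaviour.
std::int32_t wrappedSampleCount(std::int32_t gridSize, std::int32_t channels) {
    const std::uint32_t g = static_cast<std::uint32_t>(gridSize);
    const std::uint32_t r = g * g * g * static_cast<std::uint32_t>(channels);
    return static_cast<std::int32_t>(r);
}

int main() {
    const std::size_t cap = std::size_t{1} << 28;  // constructed limit
    const long long sizes[] = {33, 256, 1024, 2048};  // constructed grid sizes
    for (long long g : sizes) {
        auto checked = cubeSampleCount(g, 3, cap);
        std::printf("grid %lld: wrapped=%d checked=%s\n", g,
                    wrappedSampleCount(static_cast<std::int32_t>(g), 3),
                    checked ? "accepted" : "rejected");
    }
    return 0;
}
```

A negative or zero wrapped count passed on to an allocation or a copy loop is what turns the arithmetic error into an out-of-bounds access, so the rejection has to happen before any buffer is sized.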
References
- https://github.com/InternationalColorConsortium/iccDEV/commit/43ae18dd69fc70190d3632a18a3af2f3da1e052a
- https://github.com/InternationalColorConsortium/iccDEV/issues/607
- https://github.com/InternationalColorConsortium/iccDEV/pull/611
- https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-4gfj-4cjh-53v5
Details
- CVE ID: CVE-2026-27691
- Severity: Medium
- CVSS Score: 6.2
- Status: confirmed
CWE
- CWE-190
CVSS Metrics
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H