CVE-2026-27692 - Vulnerability Analysis
High | CVSS: 7.1 | Last Updated: February 26, 2026
iccDEV - Buffer Overflow
Published: February 25, 2026 | Updated: February 26, 2026 | PoC Available
Overview
iccDEV up to 2.3.1.4 contains a heap buffer overflow caused by strlen() reading past a heap buffer in CIccTagTextDescription::Release() while parsing ICC profile XML text description tags. This lets attackers cause a crash remotely. Exploitation requires a crafted ICC profile.
Severity & Score
Severity: High
CVSS Score: 7.1
Impact
Attackers can cause an application crash, leading to denial of service.
Mitigation
Update to version 2.3.1.5 or later containing commit 29d088840b962a7cdd35993dfabc2cb35a049847.
References
- https://github.com/InternationalColorConsortium/iccDEV/commit/29d088840b962a7cdd35993dfabc2cb35a049847
- https://github.com/InternationalColorConsortium/iccDEV/issues/609
- https://github.com/InternationalColorConsortium/iccDEV/pull/610
- https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-3869-prw8-gjqr
Details
- CVE ID: CVE-2026-27692
- Severity: High
- CVSS Score: 7.1
- Type: buffer_overflow
- Status: confirmed
CWE
- CWE-125
- CWE-787
CVSS Metrics
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H