CVE-2026-27692

Summary

iccDEV provides a set of libraries and tools for working with ICC color management profiles. In versions up to and including 2.3.1.4, heap-buffer-overflow read occurs during CIccTagTextDescription::Release() when strlen() reads past a heap buffer while parsing ICC profile XML text description tags, causing a crash. Commit 29d088840b962a7cdd35993dfabc2cb35a049847 fixes the issue. No known workarounds are available.

Affected Software

VendorProductVersion RangeStatus
InternationalColorConsortiumiccDEV<= 2.3.1.4affected

Weaknesses

  • CWE-125: CWE-125: Out-of-bounds Read
  • CWE-170: CWE-170: Improper Null Termination
  • CWE-787: CWE-787: Out-of-bounds Write

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References