Description

iccDEV provides a set of libraries and tools for working with ICC color management profiles. In versions up to and including 2.3.1.4, signed integer overflow in iccFromCube.cpp during multiplication triggers undefined behavior, potentially causing crashes or incorrect ICC profile generation when processing crafted/large cube inputs. Commit 43ae18dd69fc70190d3632a18a3af2f3da1e052a fixes the issue. No known workarounds are available.

INFO

Published Date :

2026-02-25T14:36:16.803Z

Last Modified :

2026-02-25T20:42:19.363Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-27691 vulnerability.

Vendors Products
Color
  • Iccdev
Internationalcolorconsortium
  • Iccdev
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-27691.

URL Resource
https://github.com/InternationalColorConsortium/iccDEV/commit/43ae18dd69fc70190d3632a18a3af2f3da1e052a cve-icon cve-icon
https://github.com/InternationalColorConsortium/iccDEV/issues/607 cve-icon cve-icon
https://github.com/InternationalColorConsortium/iccDEV/pull/611 cve-icon cve-icon
https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-4gfj-4cjh-53v5 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact