CVE-2026-27692

iccDEV has HBO in CIccTagTextDescription::Release()

Description

iccDEV provides a set of libraries and tools for working with ICC color management profiles. In versions up to and including 2.3.1.4, heap-buffer-overflow read occurs during CIccTagTextDescription::Release() when strlen() reads past a heap buffer while parsing ICC profile XML text description tags, causing a crash. Commit 29d088840b962a7cdd35993dfabc2cb35a049847 fixes the issue. No known workarounds are available.

INFO

Published Date :

2026-02-25T14:40:22.740Z

Last Modified :

2026-02-25T20:42:56.820Z

Source :

GitHub_M

AFFECTED PRODUCTS

The following products are affected by CVE-2026-27692 vulnerability.

Vendors	Products
Color	Iccdev
Internationalcolorconsortium	Iccdev

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-27692.

URL	Resource
https://github.com/InternationalColorConsortium/iccDEV/commit/29d088840b962a7cdd35993dfabc2cb35a049847
https://github.com/InternationalColorConsortium/iccDEV/issues/609
https://github.com/InternationalColorConsortium/iccDEV/pull/610
https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-3869-prw8-gjqr

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact