CVE-2026-27691

6.2 MEDIUM
Published: February 25, 2026 Modified: February 26, 2026
View on NVD

Description

iccDEV provides a set of libraries and tools for working with ICC color management profiles. In versions up to and including 2.3.1.4, signed integer overflow in iccFromCube.cpp during multiplication triggers undefined behavior, potentially causing crashes or incorrect ICC profile generation when processing crafted/large cube inputs. Commit 43ae18dd69fc70190d3632a18a3af2f3da1e052a fixes the issue. No known workarounds are available.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0
Vector String
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
https://github.com/InternationalColorConsortium/iccDEV/commit/43ae18dd69fc70190d3632a18a3af2f3da1e052a
Source: security-advisories@github.com
Patch
https://github.com/InternationalColorConsortium/iccDEV/issues/607
Source: security-advisories@github.com
Exploit Issue Tracking
https://github.com/InternationalColorConsortium/iccDEV/pull/611
Source: security-advisories@github.com
Issue Tracking Patch
https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-4gfj-4cjh-53v5
Source: security-advisories@github.com
Vendor Advisory

4 reference(s) from NVD

Quick Stats

CVSS v3 Score
6.2 / 10.0
EPSS (Exploit Probability)
0.0%
2th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-190 CWE-681 CWE-190

Affected Vendors

color

Related CVEs

CVE-2026-4516 6.3
CVE-2019-25572 6.2
CVE-2019-25571 6.2
CVE-2019-25570 5.5
CVE-2019-25569 6.2