CVE-2026-27692
Heap Buffer Overflow in iccDEV ICC Profile Parsing Causes Crash
Publication date: 2026-02-25
Last updated on: 2026-02-26
Assigner: GitHub, Inc.
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| color | iccdev | to 2.3.1.4 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-125 | The product reads data past the end, or before the beginning, of the intended buffer. |
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
| CWE-170 | The product does not terminate or incorrectly terminates a string or array with a null character or equivalent terminator. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-27692 is a heap-buffer-overflow (out-of-bounds read) vulnerability in the iccDEV project, reported in the function CIccTagTextDescription::Release(). The size used for a text description string is computed without room for the NUL terminator, so the copied text is never terminated inside its own allocation; when strlen() is later called on that buffer while parsing an ICC profile XML text description tag, it walks past the end of the heap allocation looking for a terminator that is not there.
The read causes a crash and can expose the heap bytes that follow the allocation. In the reported case the allocation is a single byte, so the very first step strlen() takes beyond the text is already outside the buffer, which AddressSanitizer reports as a heap-buffer-overflow read.
The fix in version 2.3.1.4 corrects the size calculation so that the NUL terminator is included in the allocation and written, which keeps strlen() inside the buffer.
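The bug class described above, as an added example in C. This is not iccDEV's code: the struct, the function names and the one-byte input are this example's own assumptions. It shows the allocation that omits the terminator beside the corrected one, and a bounded check that reports the missing terminator without itself reading past the allocation (which is why strlen() is not what the check uses).

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical text-description object (names are this example's, not
 * iccDEV's): a heap buffer plus the number of bytes actually allocated. */
typedef struct {
    char  *text;
    size_t alloc;
} text_desc_t;

/* Vulnerable pattern: the size is taken from the character count alone,
 * so no byte is reserved for '\0'. The memcpy fits exactly, but the text
 * is not terminated inside the allocation; any later strlen(desc->text)
 * reads past the end of the heap buffer. */
int set_text_bad(text_desc_t *desc, const char *src, size_t len)
{
    desc->alloc = len;                    /* BUG: no room for the terminator */
    desc->text  = malloc(desc->alloc);
    if (!desc->text) return -1;
    memcpy(desc->text, src, len);         /* exactly len bytes, no '\0' */
    return 0;
}

/* Fixed pattern: reserve len + 1 and terminate explicitly. */
int set_text_good(text_desc_t *desc, const char *src, size_t len)
{
    desc->alloc = len + 1;
    desc->text  = malloc(desc->alloc);
    if (!desc->text) return -1;
    memcpy(desc->text, src, len);
    desc->text[len] = '\0';
    return 0;
}

/* Bounded check: is there a terminator anywhere inside the allocation?
 * memchr() is limited to desc->alloc bytes, so unlike strlen() it is safe
 * to call on the buggy object as well as the fixed one. */
int is_terminated(const text_desc_t *desc)
{
    return memchr(desc->text, '\0', desc->alloc) != NULL;
}

/* strnlen-style length bounded by the allocation. Returns desc->alloc when
 * no terminator exists, i.e. the point strlen() would already have passed. */
size_t bounded_len(const text_desc_t *desc)
{
    for (size_t i = 0; i < desc->alloc; i++)
        if (desc->text[i] == '\0') return i;
    return desc->alloc;
}

void free_text(text_desc_t *desc)
{
    free(desc->text);
    desc->text  = NULL;
    desc->alloc = 0;
}

/* Constructed one-byte case, modelled on the advisory's description:
 * build the object each way and report whether it is terminated. */
int bad_case_terminated(void)
{
    text_desc_t d = {0};
    if (set_text_bad(&d, "A", 1) != 0) return -1;
    int r = is_terminated(&d);
    free_text(&d);
    return r;
}

int good_case_terminated(void)
{
    text_desc_t d = {0};
    if (set_text_good(&d, "A", 1) != 0) return -1;
    int r = is_terminated(&d);
    free_text(&d);
    return r;
}

int main(void)
{
    printf("one-byte text, size without terminator: terminated=%d\n", bad_case_terminated());
    printf("one-byte text, size with terminator:    terminated=%d\n", good_case_terminated());
    /* Calling strlen() on the first object is the out-of-bounds read that
     * AddressSanitizer reports as heap-buffer-overflow; it is deliberately
     * not done here because the result is undefined. */
    return 0;
}
```

The point of `is_terminated()` and `bounded_len()` is that the only safe way to ask "is this buffer terminated?" is a search bounded by the allocation size; any check that calls strlen() on the suspect buffer reproduces the bug instead of detecting it.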
How can this vulnerability impact me?
The bug is a read past the end of a heap buffer while an ICC profile XML text description tag is processed, so the primary effect is a crash of the tool or application that embeds the iccDEV parser.
The bytes strlen() walks over beyond the allocation are neighbouring heap memory, so the read can also expose adjacent heap contents; that is the confidentiality impact.
The CVSS score is 7.1 (high): high confidentiality and availability impact and no integrity impact, which is consistent with an out-of-bounds read rather than a write.
Exploitation is local and needs user interaction: a victim has to open or convert a crafted ICC profile XML file with a vulnerable tool such as IccFromXml, so the realistic exposure is any workflow that processes profiles from untrusted sources.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
There is no network signature for this bug: the trigger is a local file being parsed, so detection is host-side, on systems that build or run iccDEV tools or link its libraries.
Start with inventory: locate installed or vendored copies of iccDEV and compare their version with 2.3.1.4; anything older is affected.
For testing, the cheapest reliable detector is AddressSanitizer. Build the tool (e.g. IccFromXml) with -fsanitize=address and feed it a crafted text description; ASan flags the read the moment strlen() steps past the one-byte heap allocation, rather than only when the stray read happens to hit unmapped memory.
Fuzzing the XML input path with libFuzzer (or any file-format fuzzer) reaches the same code and hands you a reproducer for each crash.
- Run the vulnerable tool under AddressSanitizer and look for heap-buffer-overflow READ reports whose stack trace includes strlen and the text description tag code.
- Fuzz the ICC profile XML input path and triage the crashing inputs against this bug.
- Monitor crash reports and application logs of processes that parse ICC profiles for heap-buffer-overflow or strlen-related faults, keeping in mind that a plain (non-ASan) build may crash only intermittently, because reading past the buffer is silent until it crosses into unmapped memory.
What immediate steps should I take to mitigate this vulnerability?
Update iccDEV to version 2.3.1.4 or later, the release that corrects the string size calculation. Note that the affected-range table on this page lists 2.3.1.4 inclusive; confirm the exact fixed version against the upstream GitHub advisory before treating an installed version as safe.
No code-level workaround is documented, so patching (or rebuilding from a fixed source tree) is the only real fix.
Until patched, do not process ICC profile XML from untrusted sources with vulnerable iccDEV tools, and remember that any application which vendors or links the iccDEV library needs the update as well, not just the command-line tools.