CVE-2026-27692
Undergoing Analysis Undergoing Analysis - In Progress
Heap Buffer Overflow in iccDEV ICC Profile Parsing Causes Crash

Publication date: 2026-02-25

Last updated on: 2026-02-26

Assigner: GitHub, Inc.

Description
iccDEV provides a set of libraries and tools for working with ICC color management profiles. In versions up to and including 2.3.1.4, heap-buffer-overflow read occurs during CIccTagTextDescription::Release() when strlen() reads past a heap buffer while parsing ICC profile XML text description tags, causing a crash. Commit 29d088840b962a7cdd35993dfabc2cb35a049847 fixes the issue. No known workarounds are available.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-25
Last Modified
2026-02-26
Generated
2026-06-16
AI Q&A
2026-02-25
EPSS Evaluated
2026-06-15
NVD
CVE-2026-27692
EUVD
EUVD-2026-8641
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
color iccdev to 2.3.1.4 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-787 The product writes data past the end, or before the beginning, of the intended buffer.
CWE-170 The product does not terminate or incorrectly terminates a string or array with a null character or equivalent terminator.
CWE-125 The product reads data past the end, or before the beginning, of the intended buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-27692 is a heap-buffer-overflow vulnerability in the iccDEV project, specifically in the function CIccTagTextDescription::Release(). The issue occurs because the code incorrectly calculates the size of a string by not including the NULL terminator, leading strlen() to read past the allocated heap buffer while parsing ICC profile XML text description tags.

This out-of-bounds read causes a crash and can potentially disclose memory contents. The vulnerability arises when strlen() reads beyond a one-byte allocated buffer, causing a heap-buffer-overflow error.

The problem was fixed in version 2.3.1.4 by correcting the string size calculation to include the NULL terminator, preventing the overflow.

Impact Analysis

This vulnerability can cause application crashes due to heap-buffer-overflow reads when processing ICC profile XML text description tags.

It can also lead to potential disclosure of memory contents, impacting confidentiality.

The CVSS score is 7.1, indicating a high severity with high confidentiality and availability impact but no integrity loss.

Exploitation requires local user interaction, such as opening or converting a crafted ICC profile XML file using a local tool.

Compliance Impact

I don't know

Detection Guidance

This vulnerability can be detected by monitoring for crashes or heap-buffer-overflow errors in applications using the iccDEV libraries when parsing ICC profile XML text description tags.

Fuzz testing with tools like libFuzzer can trigger the vulnerability by providing crafted XML inputs that cause the heap-buffer-overflow read.

AddressSanitizer (ASan) can be used to detect the heap-buffer-overflow during runtime, as it reports errors when strlen reads beyond allocated heap buffers.

  • Run the vulnerable application or tool (e.g., IccFromXml) under AddressSanitizer to catch heap-buffer-overflow errors.
  • Use fuzzing tools such as libFuzzer with ICC profile XML inputs to identify crashes related to this vulnerability.
  • Monitor application logs and crash reports for heap-buffer-overflow or strlen-related errors during ICC profile parsing.
Mitigation Strategies

The primary mitigation step is to update the iccDEV package to version 2.3.1.4 or later, where the vulnerability has been fixed.

No known workarounds are available, so applying the official patch or upgrading is essential to prevent exploitation.

Avoid opening or converting untrusted or crafted ICC profile XML files with vulnerable versions of iccDEV tools to reduce risk until patched.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-27692. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart