7.1
iccDEV Crashes When Parsing ICC Profile XML
CVE-2026-27692
Summary
iccDEV may crash when parsing text description tags in ICC profile XML. This could be a significant issue for organizations that rely on iccDEV for color management tasks, as it could disrupt their workflows. Upgrade to version 2.3.1.5 or later to resolve the issue.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| color | iccdev | <= 2.3.1.4 | – |
Original title
iccDEV provides a set of libraries and tools for working with ICC color management profiles. In versions up to and including 2.3.1.4, heap-buffer-overflow read occurs during CIccTagTextDescription:...
Original description
iccDEV provides a set of libraries and tools for working with ICC color management profiles. In versions up to and including 2.3.1.4, heap-buffer-overflow read occurs during CIccTagTextDescription::Release() when strlen() reads past a heap buffer while parsing ICC profile XML text description tags, causing a crash. Commit 29d088840b962a7cdd35993dfabc2cb35a049847 fixes the issue. No known workarounds are available.
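The bug class described above (an unbounded `strlen()` on a heap buffer that may lack a terminator), shown next to a length-bounded alternative. This is an added illustration, not iccDEV source or the fix from the referenced commit; `TextBuf`, `make_buf`, `release_unsafe` and `release_bounded` are hypothetical names, and the inputs are constructed.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdlib>
#include <cstring>

// Hypothetical stand-in for a tag object that owns a heap text buffer.
struct TextBuf {
    char  *text;      // heap allocation; parsed input may have left it without a NUL
    size_t capacity;  // bytes actually allocated for text
};

// Constructed input helper: copies exactly n bytes and adds NO terminator.
TextBuf make_buf(const char *bytes, size_t n) {
    TextBuf b = { static_cast<char *>(malloc(n)), n };
    if (b.text) memcpy(b.text, bytes, n);
    return b;
}

// Unsafe pattern: strlen() assumes a NUL exists inside the allocation. On an
// unterminated buffer the read runs past capacity (CWE-170 leading to CWE-125).
size_t release_unsafe(TextBuf *b) {
    size_t need = strlen(b->text) + 1;       // no upper bound on the read
    if (need < b->capacity) {                // shrink to fit
        char *p = static_cast<char *>(realloc(b->text, need));
        if (p) { b->text = p; b->capacity = need; }
    }
    return need - 1;
}

// Bounded form: search for the NUL only within capacity, then guarantee one.
// Returns the text length, or SIZE_MAX on error.
size_t release_bounded(TextBuf *b) {
    if (!b || !b->text || b->capacity == 0) return SIZE_MAX;
    const void *nul = memchr(b->text, '\0', b->capacity);
    size_t len = nul ? static_cast<size_t>(static_cast<const char *>(nul) - b->text)
                     : b->capacity;          // unterminated: keep every byte
    char *p = static_cast<char *>(realloc(b->text, len + 1));
    if (!p) return SIZE_MAX;                 // original buffer is still valid
    p[len] = '\0';                           // terminator always inside the allocation
    b->text = p;
    b->capacity = len + 1;
    return len;
}

int main() {
    TextBuf b = make_buf("sRGB", 4);         // constructed, unterminated
    size_t len = release_bounded(&b);
    free(b.text);
    return len == 4 ? 0 : 1;
}
```

Building the calling code with AddressSanitizer (`-fsanitize=address`) reports the unbounded variant as a heap-buffer-overflow read when it is given an unterminated buffer.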
nvd CVSS3.1
7.1
Vulnerability type
- CWE-125: Out-of-bounds Read
- CWE-170
- CWE-787: Out-of-bounds Write
- https://github.com/InternationalColorConsortium/iccDEV/commit/29d088840b962a7cdd... Patch
- https://github.com/InternationalColorConsortium/iccDEV/issues/609 Exploit Issue Tracking
- https://github.com/InternationalColorConsortium/iccDEV/pull/610 Issue Tracking Patch
- https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-... Vendor Advisory
Published: 25 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026