Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.5
iccDEV: Crashes or incorrect color profiles from large input data
CVE-2026-27691
Summary
A bug in iccDEV's color profile processing code can cause it to crash or produce incorrect results when given large input data. This affects versions 2.3.1.4 and earlier. To fix, update to a newer version of iccDEV.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| color | iccdev | <= 2.3.1.4 | – |
Original title
iccDEV provides a set of libraries and tools for working with ICC color management profiles. In versions up to and including 2.3.1.4, signed integer overflow in iccFromCube.cpp during multiplicatio...
Original description
iccDEV provides a set of libraries and tools for working with ICC color management profiles. In versions up to and including 2.3.1.4, signed integer overflow in iccFromCube.cpp during multiplication triggers undefined behavior, potentially causing crashes or incorrect ICC profile generation when processing crafted/large cube inputs. Commit 43ae18dd69fc70190d3632a18a3af2f3da1e052a fixes the issue. No known workarounds are available.
nvd CVSS3.1
5.5
Vulnerability type
CWE-190
Integer Overflow
CWE-681
- https://github.com/InternationalColorConsortium/iccDEV/commit/43ae18dd69fc70190d... Patch
- https://github.com/InternationalColorConsortium/iccDEV/issues/607 Exploit Issue Tracking
- https://github.com/InternationalColorConsortium/iccDEV/pull/611 Issue Tracking Patch
- https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-... Vendor Advisory
Published: 25 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026