CVE-2026-27691

Exploit

EPSS 0.01%
Veröffentlicht 25.02.2026 14:36:16
Zuletzt bearbeitet 26.02.2026 15:50:36
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

iccDEV provides a set of libraries and tools for working with ICC color management profiles. In versions up to and including 2.3.1.4, signed integer overflow in iccFromCube.cpp during multiplication triggers undefined behavior, potentially causing crashes or incorrect ICC profile generation when processing crafted/large cube inputs. Commit 43ae18dd69fc70190d3632a18a3af2f3da1e052a fixes the issue. No known workarounds are available.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Color ≫ Iccdev Version <= 2.3.1.4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.01%	0.017

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
security-advisories@github.com	6.2	2.5	3.6	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-190 Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

CWE-681 Incorrect Conversion between Numeric Types

When converting from one data type to another, such as long to integer, data can be omitted or translated in a way that produces unexpected values. If the resulting values are used in a sensitive context, then dangerous behaviors may occur.

https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-4gfj-4cjh-53v5

Vendor Advisory

https://github.com/InternationalColorConsortium/iccDEV/issues/607

Exploit

Issue Tracking

https://github.com/InternationalColorConsortium/iccDEV/pull/611

Patch

Issue Tracking

https://github.com/InternationalColorConsortium/iccDEV/commit/43ae18dd69fc70190d3632a18a3af2f3da1e052a

Patch

https://nvd.nist.gov/vuln/detail/CVE-2026-27691

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-27691

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-27691

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-27691