QwikSec

Security Database

CVE

CWE

Training

CVE-2026-27691

Published: Feb 25, 2026

Modified: Feb 25, 2026

PUBLISHED

CVSS v3.1

6.2

MEDIUM

Description

iccDEV provides a set of libraries and tools for working with ICC color management profiles. In versions up to and including 2.3.1.4, signed integer overflow in iccFromCube.cpp during multiplication triggers undefined behavior, potentially causing crashes or incorrect ICC profile generation when processing crafted/large cube inputs. Commit 43ae18dd69fc70190d3632a18a3af2f3da1e052a fixes the issue. No known workarounds are available.

Vendor	Product	Versions
InternationalColorConsortium	iccDEV	affected `<= 2.3.1.4`

Weaknesses (CWE)

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

References

https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-4gfj-4cjh-53v5

x_refsource_CONFIRM

https://github.com/InternationalColorConsortium/iccDEV/issues/607

x_refsource_MISC

https://github.com/InternationalColorConsortium/iccDEV/pull/611

x_refsource_MISC

https://github.com/InternationalColorConsortium/iccDEV/commit/43ae18dd69fc70190d3632a18a3af2f3da1e052a

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.