CVE-2026-27691

Source
https://cve.org/CVERecord?id=CVE-2026-27691
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-27691.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-27691
Aliases
  • GHSA-4gfj-4cjh-53v5
Published
2026-02-25T14:36:16.803Z
Modified
2026-07-15T01:49:21.745588831Z
Severity
  • 6.2 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
iccDEV has SIO in parse3DTable() at iccFromCube.cpp Line 218
Details

iccDEV provides a set of libraries and tools for working with ICC color management profiles. In versions up to and including 2.3.1.4, signed integer overflow in iccFromCube.cpp during multiplication triggers undefined behavior, potentially causing crashes or incorrect ICC profile generation when processing crafted/large cube inputs. Commit 43ae18dd69fc70190d3632a18a3af2f3da1e052a fixes the issue. No known workarounds are available.

Database specific
{
    "cwe_ids": [
        "CWE-190",
        "CWE-681"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/27xxx/CVE-2026-27691.json",
    "cna_assigner": "GitHub_M"
}
References

Affected packages

Git / github.com/internationalcolorconsortium/iccdev

Affected ranges

Type
GIT
Repo
https://github.com/internationalcolorconsortium/iccdev
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "cpe": "cpe:2.3:a:color:iccdev:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.3.1.4"
        }
    ],
    "source": [
        "CPE_RANGE",
        "REFERENCES"
    ]
}

Affected versions

v2.*
v2.2.6
v2.3.1
v2.3.1.1
v2.3.1.2
v2.3.1.3
v2.3.1.4

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-27691.json"