← Voltar para CVEs
CVE-2026-27691
MEDIUM6.2
Descricao
iccDEV provides a set of libraries and tools for working with ICC color management profiles. In versions up to and including 2.3.1.4, signed integer overflow in iccFromCube.cpp during multiplication triggers undefined behavior, potentially causing crashes or incorrect ICC profile generation when processing crafted/large cube inputs. Commit 43ae18dd69fc70190d3632a18a3af2f3da1e052a fixes the issue. No known workarounds are available.
Detalhes CVE
Pontuacao CVSS v3.16.2
SeveridadeMEDIUM
Vetor CVSSCVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vetor de ataqueLOCAL
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioNONE
Publicado2/25/2026
Ultima modificacao2/26/2026
Fontenvd
Avistamentos honeypot0
Produtos afetados
color:iccdev
Fraquezas (CWE)
CWE-190CWE-681CWE-190
Referencias
https://github.com/InternationalColorConsortium/iccDEV/commit/43ae18dd69fc70190d3632a18a3af2f3da1e052a(security-advisories@github.com)
https://github.com/InternationalColorConsortium/iccDEV/issues/607(security-advisories@github.com)
https://github.com/InternationalColorConsortium/iccDEV/pull/611(security-advisories@github.com)
https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-4gfj-4cjh-53v5(security-advisories@github.com)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.