Cyber Resilience

CVE-2026-27692

Severity: High · Public PoC referenced

Published: 25 February 2026
Modified: 26 February 2026
KEV Added: not listed (not in the CISA KEV catalog)
Patch: fix commit available (see Deeper analysis)
CVSS v3.1 Score: 7.1 (High), vector CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
EPSS Score: 0.0002 (5.6th percentile)
Risk Priority: 14 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-27692 is a high-severity Out-of-bounds Read (CWE-125) vulnerability in Color Iccdev (iccDEV), with a CVSS v3.1 base score of 7.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique User Execution: Malicious File (T1204.002), since a victim must open or process a crafted ICC profile. Its EPSS ranking is the 5.6th percentile by exploit likelihood (well below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2026-27692 is a heap-buffer-overflow read vulnerability (CWE-125, CWE-170, CWE-787) in iccDEV, a set of libraries and tools for working with ICC color management profiles. It affects versions up to and including 2.3.1.4. The flaw is in CIccTagTextDescription::Release(), where strlen() reads past the end of a heap buffer while ICC profile XML text description tags are being parsed. The root cause is a string that is not guaranteed to be NUL-terminated within its allocation (the CWE-170 aspect), so the length scan continues into adjacent heap memory and the process crashes.

Per the CVSS 3.1 vector (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H), the attack vector is local, complexity is low, no privileges are required, and user interaction is required. In practice an attacker crafts a malicious ICC profile and persuades a user to process it with an application that links iccDEV. The advisory reports a crash, which is the availability impact (A:H); the confidentiality rating (C:H) reflects that an out-of-bounds heap read can expose adjacent memory contents, even though no specific disclosure is documented. Integrity is unaffected (I:N).

Mitigation is provided by commit 29d088840b962a7cdd35993dfabc2cb35a049847 in the iccDEV repository. No workarounds are known, so the practical remediation is to upgrade to a build that includes the fix and, until then, to avoid processing ICC profiles from untrusted sources with affected iccDEV versions. Further details appear in the GitHub security advisory GHSA-3869-prw8-gjqr, issue #609, and pull request #610.
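The bug class described above is easiest to see in miniature. The following is an added illustrative example, not iccDEV's own code and not the patched logic from the fix commit: it parses the ICC v2 textDescriptionType ('desc') layout (4-byte signature, 4 reserved bytes, a big-endian ASCII count that includes the terminating NUL, then the ASCII text) and contrasts an unsafe parser that trusts the count and calls strlen() with a bounded parser that checks the count against the tag length and requires the terminator to be present before any length scan. The three tag byte arrays are constructed here for demonstration; the function names are hypothetical.

```c
/* Added example (not iccDEV code): unsafe vs. bounded parsing of an ICC
 * 'desc' (textDescriptionType) tag. Layout: bytes 0-3 "desc", 4-7 reserved,
 * 8-11 big-endian ASCII count (includes the NUL), 12.. ASCII text. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define DESC_HDR_LEN 12u

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Constructed sample: well-formed tag, count 5 covers "Demo" plus NUL. */
static const uint8_t kGoodTag[] = {
    'd','e','s','c', 0,0,0,0,  0,0,0,5,  'D','e','m','o',0
};
/* Constructed sample: count 5 is in range but the text carries no NUL. */
static const uint8_t kNoNulTag[] = {
    'd','e','s','c', 0,0,0,0,  0,0,0,5,  'D','e','m','o','!'
};
/* Constructed sample: count 0x40 claims far more text than is present. */
static const uint8_t kOversizedTag[] = {
    'd','e','s','c', 0,0,0,0,  0,0,0,0x40,  'D','e','m','o',0
};

/* Unsafe pattern: trust the count, copy exactly that many bytes, then let
 * strlen() locate the terminator. With kNoNulTag the copied region has no
 * NUL, so strlen() walks off the end of the heap allocation; with
 * kOversizedTag the memcpy itself over-reads the input. Only ever called
 * on the well-formed sample below; shown for contrast. */
static char *parse_desc_unsafe(const uint8_t *tag, uint32_t count) {
    char *s = malloc(count);
    if (!s) return NULL;
    memcpy(s, tag + DESC_HDR_LEN, count);
    printf("unsafe: strlen=%zu\n", strlen(s));
    return s;
}

/* Bounded parser: every offset is checked against tag_len before use and
 * the terminator is verified inside the counted region, so any later
 * strlen() on the result cannot leave the allocation. Returns 0 and a
 * malloc'd NUL-terminated copy, or -1 for any malformed input. */
static int parse_desc_safe(const uint8_t *tag, size_t tag_len, char **out) {
    *out = NULL;
    if (tag_len < DESC_HDR_LEN || memcmp(tag, "desc", 4) != 0) return -1;
    uint32_t count = be32(tag + 8);
    if (count == 0 || count > tag_len - DESC_HDR_LEN) return -1; /* must fit */
    const uint8_t *text = tag + DESC_HDR_LEN;
    if (text[count - 1] != 0) return -1;   /* count includes the NUL: enforce it */
    char *s = malloc(count);
    if (!s) return -1;
    memcpy(s, text, count);
    *out = s;
    return 0;
}

/* Parse with the bounded parser and report the text length, or -1 if the
 * tag was rejected. strlen() here is safe: the terminator was verified. */
static long desc_text_len(const uint8_t *tag, size_t tag_len) {
    char *s;
    if (parse_desc_safe(tag, tag_len, &s) != 0) return -1;
    long n = (long)strlen(s);
    free(s);
    return n;
}

int main(void) {
    printf("good:      %ld\n", desc_text_len(kGoodTag, sizeof kGoodTag));           /* 4 */
    printf("no NUL:    %ld\n", desc_text_len(kNoNulTag, sizeof kNoNulTag));         /* -1 */
    printf("oversized: %ld\n", desc_text_len(kOversizedTag, sizeof kOversizedTag)); /* -1 */
    char *u = parse_desc_unsafe(kGoodTag, be32(kGoodTag + 8)); /* safe only on this input */
    free(u);
    return 0;
}
```

The two checks that matter are the count-versus-length comparison (so no read extends past the tag) and the explicit terminator check before strlen() (the CWE-170 condition). Running the unsafe variant on kNoNulTag under AddressSanitizer would report a heap-buffer-overflow read in strlen(), which is the same symptom class the advisory describes.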

Vulnerability details

iccDEV provides a set of libraries and tools for working with ICC color management profiles. In versions up to and including 2.3.1.4, a heap-buffer-overflow read occurs during CIccTagTextDescription::Release() when strlen() reads past a heap buffer while parsing ICC profile XML text description tags, causing a crash. Commit 29d088840b962a7cdd35993dfabc2cb35a049847 fixes the issue. No known workarounds are available.

Related Threats

MITRE ATT&CK Enterprise Techniques (AI-assisted mapping)

T1204.002 User Execution: Malicious File (tactic: Execution)
An adversary may rely upon a user opening a malicious file in order to gain execution.
T1499.004 Endpoint Denial of Service: Application or System Exploitation (tactic: Impact)
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

The vulnerability is triggered by processing a crafted ICC profile file, which maps to T1204.002 (User Execution: Malicious File), and its documented outcome is an application crash, which maps to T1499.004 (Application or System Exploitation) as a denial-of-service impact.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-24852 (same product: Color Iccdev)
CVE-2026-21491 (same product: Color Iccdev)
CVE-2026-21500 (same product: Color Iccdev)
CVE-2026-21488 (same product: Color Iccdev)
CVE-2026-31792 (same product: Color Iccdev)
CVE-2026-21681 (same product: Color Iccdev)
CVE-2026-21685 (same product: Color Iccdev)
CVE-2026-21680 (same product: Color Iccdev)
CVE-2026-21686 (same product: Color Iccdev)
CVE-2026-21684 (same product: Color Iccdev)

Affected Assets

Vendor: color
Product: iccdev
Versions: ≤ 2.3.1.4

Mitigating Controls

Mapped to NIST SP 800-53 r5 (AI-assisted mapping)

SI-10 Information Input Validation (prevent)
Directly requires validation of ICC profile inputs, such as checking declared tag lengths and string terminators against the actual buffer, to prevent out-of-bounds reads during tag parsing in CIccTagTextDescription::Release().

SI-16 Memory Protection (prevent)
Enforces memory protection mechanisms (hardened allocators, bounds-checking and sanitizer-instrumented builds where feasible) that block or surface heap-buffer-overflow reads and the resulting crashes or disclosure in the iccDEV library.

Software and input integrity verification (prevent, detect)
Requires integrity verification of software and inputs to detect or block malicious ICC profiles that trigger the overflow; the specific control identifier is not given on this page.
