VYPR
Unrated severityNVD Advisory· Published Feb 25, 2026· Updated Feb 25, 2026

iccDEV has SIO in parse3DTable() at iccFromCube.cpp Line 218

CVE-2026-27691

Description

iccDEV provides a set of libraries and tools for working with ICC color management profiles. In versions up to and including 2.3.1.4, signed integer overflow in iccFromCube.cpp during multiplication triggers undefined behavior, potentially causing crashes or incorrect ICC profile generation when processing crafted/large cube inputs. Commit 43ae18dd69fc70190d3632a18a3af2f3da1e052a fixes the issue. No known workarounds are available.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • iccDEV/iccDEVllm-fuzzy
    Range: <=2.3.1.4
  • InternationalColorConsortium/iccDEVv5
    Range: <= 2.3.1.4

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.