{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-06T20:17:02.277","vulnerabilities":[{"cve":{"id":"CVE-2026-27692","sourceIdentifier":"security-advisories@github.com","published":"2026-02-25T15:20:52.727","lastModified":"2026-02-26T15:43:56.077","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"iccDEV provides a set of libraries and tools for working with ICC color management profiles. In versions up to and including 2.3.1.4, heap-buffer-overflow read occurs during CIccTagTextDescription::Release() when strlen() reads past a heap buffer while parsing ICC profile XML text description tags, causing a crash. Commit 29d088840b962a7cdd35993dfabc2cb35a049847 fixes the issue. No known workarounds are available."},{"lang":"es","value":"iccDEV proporciona un conjunto de librerías y herramientas para trabajar con perfiles ICC de gestión de color. En versiones hasta la 2.3.1.4 inclusive, se produce una lectura de desbordamiento de búfer de montón durante CIccTagTextDescription::Release() cuando strlen() lee más allá de un búfer de montón mientras analiza etiquetas de descripción de texto XML de perfiles ICC, causando un fallo. El commit 29d088840b962a7cdd35993dfabc2cb35a049847 corrige el problema. No se conocen soluciones alternativas disponibles."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.2}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-125"},{"lang":"en","value":"CWE-170"},{"lang":"en","value":"CWE-787"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:color:iccdev:*:*:*:*:*:*:*:*","versionEndIncluding":"2.3.1.4","matchCriteriaId":"13349570-1947-4F22-8E72-1B0AB45D143F"}]}]}],"references":[{"url":"https://github.com/InternationalColorConsortium/iccDEV/commit/29d088840b962a7cdd35993dfabc2cb35a049847","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/InternationalColorConsortium/iccDEV/issues/609","source":"security-advisories@github.com","tags":["Exploit","Issue Tracking"]},{"url":"https://github.com/InternationalColorConsortium/iccDEV/pull/610","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-3869-prw8-gjqr","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}}]}