CVE-2026-30980

Published: Mar 10, 2026Modified: Mar 13, 2026

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: security-advisories@github.com (Secondary)

Description

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a stack overflow in CIccBasicStructFactory::CreateStruct() causing uncontrolled recursion/stack exhaustion and crash. This vulnerability is fixed in 2.3.1.5.

Affected (1)

Products: Color: Iccdev

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Color Iccdev	Before 2.3.1.5

Related CWEs

Stack-based Buffer Overflow

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

Uncontrolled Recursion

The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack.

References (4)

https://github.com/InternationalColorConsortium/iccDEV/issues/629

Source: security-advisories@github.com

Issue Tracking

https://github.com/InternationalColorConsortium/iccDEV/pull/630

Source: security-advisories@github.com

Issue TrackingPatch

https://github.com/InternationalColorConsortium/iccDEV/releases/tag/v2.3.1.5

Source: security-advisories@github.com

Product

https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-w478-77q7-2hc2

Source: security-advisories@github.com

PatchVendor Advisory

Timeline

No history available yet.