CVE-2026-30980

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2026-30980
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a stack overflow in CIccBasicStructFactory::CreateStruct() causing uncontrolled recursion/stack exhaustion and crash. This vulnerability is fixed in 2.3.1.5.

5.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://github.com/InternationalColorConsortium/iccDEV/issues/629 Issue Tracking
https://github.com/InternationalColorConsortium/iccDEV/pull/630 Issue Tracking Patch
https://github.com/InternationalColorConsortium/iccDEV/releases/tag/v2.3.1.5 Product
https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-w478-77q7-2hc2 Patch Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:color:iccdev:*:*:*:*:*:*:*:*
History

13 Mar 2026, 20:28

Type Values Removed Values Added
CPE cpe:2.3:a:color:iccdev:*:*:*:*:*:*:*:*
References () https://github.com/InternationalColorConsortium/iccDEV/issues/629 - () https://github.com/InternationalColorConsortium/iccDEV/issues/629 - Issue Tracking
References () https://github.com/InternationalColorConsortium/iccDEV/pull/630 - () https://github.com/InternationalColorConsortium/iccDEV/pull/630 - Issue Tracking, Patch
References () https://github.com/InternationalColorConsortium/iccDEV/releases/tag/v2.3.1.5 - () https://github.com/InternationalColorConsortium/iccDEV/releases/tag/v2.3.1.5 - Product
References () https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-w478-77q7-2hc2 - () https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-w478-77q7-2hc2 - Patch, Vendor Advisory
First Time Color
Color iccdev

11 Mar 2026, 13:53

Type Values Removed Values Added
Summary
  • (es) iccDEV proporciona un conjunto de bibliotecas y herramientas para trabajar con perfiles de gestión de color ICC. Antes de la versión 2.3.1.5, existe un desbordamiento de pila en CIccBasicStructFactory::CreateStruct() causando recursión incontrolada/agotamiento de la pila y un bloqueo. Esta vulnerabilidad se ha corregido en la versión 2.3.1.5.

10 Mar 2026, 18:18

Type Values Removed Values Added
New CVE
Information

Published : 2026-03-10 18:18

Updated : 2026-03-13 20:28

NVD link : CVE-2026-30980

Mitre link : CVE-2026-30980

CVE.ORG link : CVE-2026-30980

JSON object : View

Products Affected

color

  • iccdev
CWE
CWE-121

Stack-based Buffer Overflow

CWE-400

Uncontrolled Resource Consumption

CWE-674

Uncontrolled Recursion