CVE-2026-30979

High

Published: 10 March 2026

Published

10 March 2026

Modified

13 March 2026

KEV Added

—

Patch

—

CVSS Score 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS Score 0.0002 3.5th percentile

Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-30979 is a high-severity Classic Buffer Overflow (CWE-120) vulnerability in Color Iccdev. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked at the 3.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Client Execution (T1203) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

prevent

SI-2 ensures timely patching of the heap-based buffer overflow in iccDEV prior to version 2.3.1.5, directly remediating the vulnerability as specified in the GitHub advisory.

SI-10 Information Input Validation good match

prevent

SI-10 requires validation of information inputs like malicious ICC profiles to prevent buffer overflows from unchecked sizes in CIccCalculatorFunc::InitSelectOp().

SI-16 Memory Protection good match

prevent

SI-16 implements memory protections such as ASLR and DEP to safeguard against exploitation of the heap-based buffer overflow leading to code execution or crashes.

MITRE ATT&CK Enterprise TechniquesAI

T1203 Exploitation for Client Execution Execution

Adversaries may exploit software vulnerabilities in client applications to execute code.

attack.mitre.org →

T1204.002 Malicious File Execution

An adversary may rely upon a user opening a malicious file in order to gain execution.

attack.mitre.org →

Why these techniques?

Heap buffer overflow in client-side ICC profile processing library enables RCE via malicious file opened by user (T1203 client exploitation + T1204.002 malicious file).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a heap-based buffer overflow in CIccCalculatorFunc::InitSelectOp() triggered with local user interaction causing memory corruption/crash. This vulnerability is fixed in 2.3.1.5.

Deeper analysisAI

CVE-2026-30979 is a heap-based buffer overflow vulnerability in the iccDEV libraries and tools, which are used for working with ICC color management profiles. The flaw resides in the CIccCalculatorFunc::InitSelectOp() function and affects versions prior to 2.3.1.5. Published on 2026-03-10, it is rated 7.8 on the CVSS v3.1 scale (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) and is associated with CWEs-120 (buffer copy without checking size), CWE-122 (heap-based buffer overflow), and CWE-787 (out-of-bounds write).

A local attacker with no privileges can exploit this vulnerability by tricking a user into interacting with a malicious input, such as processing a specially crafted ICC profile. Successful exploitation leads to memory corruption or a crash, with high impacts on confidentiality, integrity, and availability, potentially allowing arbitrary code execution in the context of the affected process.

Mitigation is available in iccDEV version 2.3.1.5, which addresses the issue via a targeted fix. Security practitioners should update to this release, as detailed in the project's GitHub security advisory (GHSA-8c76-67wr-hrp4), the associated issue tracker (#617), pull request (#622), and release notes.

Details

CWE(s): CWE-120 CWE-122 CWE-787

Affected Products

color

iccdev

≤ 2.3.1.5

CVEs Like This One

CVE-2026-30985Same product: Color Iccdev

CVE-2026-31796Same product: Color Iccdev

CVE-2026-30987Same product: Color Iccdev

CVE-2026-25582Same product: Color Iccdev

CVE-2026-31795Same product: Color Iccdev

CVE-2026-30983Same product: Color Iccdev

CVE-2026-22861Same product: Color Iccdev

CVE-2026-21678Same product: Color Iccdev

CVE-2026-21676Same product: Color Iccdev

CVE-2026-25584Same product: Color Iccdev

References

https://github.com/InternationalColorConsortium/iccDEV/issues/617
Issue Tracking · security-advisories@github.com
https://github.com/InternationalColorConsortium/iccDEV/pull/622
Issue Tracking, Patch · security-advisories@github.com
https://github.com/InternationalColorConsortium/iccDEV/releases/tag/v2.3.1.5
Product · security-advisories@github.com
https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-8c76-67wr-hrp4
Patch, Vendor Advisory · security-advisories@github.com