CVE-2026-30983

High

Published: 10 March 2026

Published

10 March 2026

Modified

13 March 2026

KEV Added

—

Patch

—

CVSS Score 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS Score 0.0002 3.5th percentile

Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-30983 is a high-severity Classic Buffer Overflow (CWE-120) vulnerability in Color Iccdev. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked at the 3.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-16 (Memory Protection).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Client Execution (T1203) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

prevent

Directly mandates timely identification, reporting, and patching of the stack buffer overflow flaw in iccDEV's icFixXml() function, aligning with the official fix in version 2.3.1.5.

SI-16 Memory Protection good match

prevent

Provides runtime memory protections such as stack canaries, ASLR, and DEP that directly mitigate stack-based buffer overflow exploits leading to corruption or code execution.

RA-5 Vulnerability Monitoring and Scanning good match

detect

Requires regular vulnerability scanning to identify the iccDEV buffer overflow (CWE-120/121/787) in system components and dependent applications using ICC profiles.

MITRE ATT&CK Enterprise TechniquesAI

T1203 Exploitation for Client Execution Execution

Adversaries may exploit software vulnerabilities in client applications to execute code.

attack.mitre.org →

T1204.002 Malicious File Execution

An adversary may rely upon a user opening a malicious file in order to gain execution.

attack.mitre.org →

Why these techniques?

Stack buffer overflow in ICC profile parsing library directly enables client-side arbitrary code execution when user opens malicious file (T1203 Exploitation for Client Execution combined with T1204.002 Malicious File under User Execution).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a stack buffer overflow in icFixXml() (strcpy) causing stack memory corruption or crash. This vulnerability is fixed in 2.3.1.5.

Deeper analysisAI

CVE-2026-30983 is a stack buffer overflow vulnerability in the iccDEV libraries and tools, which are used for working with ICC color management profiles. The issue resides in the icFixXml() function, where an unsafe strcpy operation leads to stack memory corruption or application crashes. It affects versions of iccDEV prior to 2.3.1.5 and is associated with CWEs-120 (buffer copy without checking size of input), CWE-121 (stack-based buffer overflow), and CWE-787 (out-of-bounds write). The vulnerability has a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), indicating high severity due to its potential for significant impact.

A local attacker with no privileges can exploit this vulnerability by tricking a user into processing a specially crafted ICC color profile that triggers the buffer overflow in icFixXml(). This requires user interaction, such as opening a malicious file in an application that uses iccDEV. Successful exploitation could result in high confidentiality, integrity, and availability impacts, including arbitrary code execution, data corruption, or denial of service via crashes.

Mitigation is available through upgrading to iccDEV version 2.3.1.5 or later, where the vulnerability is fixed. Official advisories and resources include the GitHub security advisory (GHSA-h3ph-mwq5-3883), issue tracker (#624), pull request (#634), and release notes for v2.3.1.5. Security practitioners should audit dependent applications using iccDEV for color profile handling and apply patches promptly.

Details

CWE(s): CWE-120 CWE-121 CWE-787

Affected Products

color

iccdev

≤ 2.3.1.5

CVEs Like This One

CVE-2026-30987Same product: Color Iccdev

CVE-2026-31795Same product: Color Iccdev

CVE-2026-30985Same product: Color Iccdev

CVE-2026-30979Same product: Color Iccdev

CVE-2026-22861Same product: Color Iccdev

CVE-2026-25584Same product: Color Iccdev

CVE-2026-25502Same product: Color Iccdev

CVE-2026-31796Same product: Color Iccdev

CVE-2026-25582Same product: Color Iccdev

CVE-2026-21678Same product: Color Iccdev

References

https://github.com/InternationalColorConsortium/iccDEV/issues/624
Issue Tracking · security-advisories@github.com
https://github.com/InternationalColorConsortium/iccDEV/pull/634
Issue Tracking, Patch · security-advisories@github.com
https://github.com/InternationalColorConsortium/iccDEV/releases/tag/v2.3.1.5
Product · security-advisories@github.com
https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-h3ph-mwq5-3883
Patch, Vendor Advisory · security-advisories@github.com