Cyber Posture

CVE-2026-30985

High

Published: 10 March 2026

Modified: 13 March 2026
CVSS Score: 7.8 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.0002 (3.5th percentile)
Risk Priority: 16 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-30985 is a high-severity Classic Buffer Overflow (CWE-120) vulnerability in Color Iccdev. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203). Its EPSS score ranks at the 3.5th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Client Execution (T1203) and 1 other technique.
What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

prevent

Directly remediates the heap-based buffer overflow in iccDEV prior to version 2.3.1.5 by requiring timely patching to the fixed release.

prevent

Provides memory protections such as address space layout randomization and non-executable heaps to mitigate exploitation of the heap-based buffer overflow causing memory corruption.

prevent

Enforces validation of ICC color profile inputs to block specially crafted files that trigger the buffer overflow in CIccMatrixMath::SetRange().

MITRE ATT&CK Enterprise Techniques

T1203 Exploitation for Client Execution (Tactic: Execution)
Adversaries may exploit software vulnerabilities in client applications to execute code.

T1204.002 Malicious File (Tactic: Execution)
An adversary may rely upon a user opening a malicious file in order to gain execution.

Why these techniques?

A heap buffer overflow in the ICC profile parser enables client-side code execution when the victim opens a malicious file (T1203 Exploitation for Client Execution + T1204.002 Malicious File).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a heap-based buffer overflow write in CIccMatrixMath::SetRange() causing memory corruption or crash. This vulnerability is fixed in 2.3.1.5.

Deeper analysis

CVE-2026-30985 is a heap-based buffer overflow write vulnerability in the iccDEV libraries and tools, which are used for working with ICC color management profiles. The flaw resides in the CIccMatrixMath::SetRange() function and affects versions prior to 2.3.1.5, potentially leading to memory corruption or application crashes. It is rated with a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) and is associated with CWE-120 (Buffer Copy without Checking Size), CWE-122 (Heap-based Buffer Overflow), and CWE-787 (Out-of-bounds Write).

The vulnerability can be exploited by a local attacker with no privileges who tricks a user into processing a specially crafted ICC color profile file via an affected iccDEV application. Exploitation requires low complexity and user interaction, such as opening a malicious file. Successful exploitation enables high-impact consequences, including arbitrary code execution, data tampering, or denial of service through memory corruption.

Mitigation is available via the official patch in iccDEV version 2.3.1.5, as detailed in the project's GitHub release notes, security advisory (GHSA-f9wv-cq46-f9wg), associated issue tracker (#621), and pull request (#636). Security practitioners should advise updating to the fixed version and validating ICC profiles from untrusted sources where possible.

Details

CWE(s)

Affected Products

color
iccdev
≤ 2.3.1.5

CVEs Like This One

CVE-2026-30979 (same product: Color Iccdev)
CVE-2026-31796 (same product: Color Iccdev)
CVE-2026-30987 (same product: Color Iccdev)
CVE-2026-25582 (same product: Color Iccdev)
CVE-2026-31795 (same product: Color Iccdev)
CVE-2026-30983 (same product: Color Iccdev)
CVE-2026-22861 (same product: Color Iccdev)
CVE-2026-21678 (same product: Color Iccdev)
CVE-2026-21676 (same product: Color Iccdev)
CVE-2026-25584 (same product: Color Iccdev)
