Cyber Posture

CVE-2026-30987

High

Published: 10 March 2026

Modified: 13 March 2026
CVSS Score: 7.8 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.0002 (3.5th percentile)
Risk Priority: 16 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-30987 is a high-severity Classic Buffer Overflow (CWE-120) vulnerability in Color Iccdev. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203). The CVE ranks at the 3.5th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Client Execution (T1203) and 1 other technique.

What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

prevent

Directly requires identifying, prioritizing, and remediating known flaws like this stack buffer overflow by updating to iccDEV 2.3.1.5 or later.

prevent

Implements memory protections such as non-executable stacks and address space randomization to prevent exploitation of stack buffer overflows leading to corruption, disclosure, or modification.

prevent

Requires validation of information inputs like crafted ICC color profile files to ensure they do not trigger the buffer overflow in CIccTagNum<>::GetValues().

MITRE ATT&CK Enterprise Techniques

T1203 Exploitation for Client Execution (tactic: Execution)
Adversaries may exploit software vulnerabilities in client applications to execute code.

T1204.002 Malicious File (tactic: Execution)
An adversary may rely upon a user opening a malicious file in order to gain execution.

Why these techniques?

Buffer overflow in local ICC profile parser enables code execution (or DoS) when victim opens crafted file; directly maps to client-side exploitation and malicious file execution.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a stack buffer overflow in CIccTagNum<>::GetValues() causing stack memory corruption or crash. This vulnerability is fixed in 2.3.1.5.

Deeper analysis

CVE-2026-30987 is a stack buffer overflow vulnerability in the iccDEV libraries and tools, which are used for working with ICC color management profiles. The flaw exists in the CIccTagNum<>::GetValues() function in versions prior to 2.3.1.5, potentially leading to stack memory corruption or application crashes. It is associated with CWE-120 (buffer copy without checking size), CWE-121 (stack-based buffer overflow), and CWE-787 (out-of-bounds write).

An unprivileged local attacker can exploit this vulnerability by tricking a user into processing a specially crafted ICC color profile file, as indicated by the CVSS 3.1 vector AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (score 7.8). Successful exploitation requires low complexity and user interaction but no special privileges. Attackers could achieve high impacts, including unauthorized disclosure of sensitive information, modification of data or code, and denial of service through crashes or corruption.

Mitigation is available in iccDEV version 2.3.1.5 and later, which addresses the buffer overflow. Security practitioners should update affected applications using iccDEV libraries to this version or higher. Relevant advisories and fixes are detailed in the project's GitHub security advisory (GHSA-fj57-gfhq-rjqr), issue tracker (#618), pull request (#638), and release notes for v2.3.1.5.

Details

CWE(s)

Affected Products

color iccdev ≤ 2.3.1.5

CVEs Like This One

CVE-2026-31795 (same product: Color Iccdev)
CVE-2026-30983 (same product: Color Iccdev)
CVE-2026-30985 (same product: Color Iccdev)
CVE-2026-30979 (same product: Color Iccdev)
CVE-2026-22861 (same product: Color Iccdev)
CVE-2026-25584 (same product: Color Iccdev)
CVE-2026-25502 (same product: Color Iccdev)
CVE-2026-31796 (same product: Color Iccdev)
CVE-2026-25582 (same product: Color Iccdev)
CVE-2026-21678 (same product: Color Iccdev)
