CVE-2026-31795

High

Published: 10 March 2026

Published

10 March 2026

Modified

13 March 2026

KEV Added

—

Patch

—

CVSS Score 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS Score 0.0001 2.3th percentile

Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-31795 is a high-severity Classic Buffer Overflow (CWE-120) vulnerability in Color Iccdev. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked at the 2.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Client Execution (T1203) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

prevent

Directly mandates timely remediation of the stack buffer overflow flaw in iccDEV by patching to version 2.3.1.5 or later, preventing exploitation.

SI-16 Memory Protection good match

prevent

Implements memory safeguards like stack canaries and DEP to block unauthorized code execution from the stack buffer overflow in CIccXform3DLut::Apply().

RA-5 Vulnerability Monitoring and Scanning partial match

detect

Enables scanning and monitoring to identify systems running vulnerable iccDEV versions affected by CVE-2026-31795 for prioritized patching.

MITRE ATT&CK Enterprise TechniquesAI

T1203 Exploitation for Client Execution Execution

Adversaries may exploit software vulnerabilities in client applications to execute code.

attack.mitre.org →

T1204.002 Malicious File Execution

An adversary may rely upon a user opening a malicious file in order to gain execution.

attack.mitre.org →

Why these techniques?

Stack buffer overflow in client-side ICC profile parser directly enables T1203 (Exploitation for Client Execution) when triggered by a malicious file that a user is tricked into opening (T1204.002).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a stack buffer overflow write in CIccXform3DLut::Apply() corrupting stack memory or crash. This vulnerability is fixed in 2.3.1.5.

Deeper analysisAI

CVE-2026-31795 is a stack buffer overflow vulnerability affecting iccDEV, a set of libraries and tools for working with ICC color management profiles. In versions prior to 2.3.1.5, the CIccXform3DLut::Apply() function contains a stack buffer overflow write that can corrupt stack memory or cause an application crash. Published on 2026-03-10, the issue maps to CWE-120 (buffer copy without checking size), CWE-121 (stack-based buffer overflow), and CWE-787 (out-of-bounds write), with a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).

The vulnerability can be exploited by a local attacker with no privileges who tricks a user into processing a malicious ICC profile, requiring user interaction such as opening a specially crafted file in an application that uses iccDEV. Successful exploitation leads to high-impact consequences, including potential arbitrary code execution, data tampering, or denial of service via stack memory corruption.

Mitigation is available in iccDEV version 2.3.1.5, which includes a fix for the overflow. The GitHub security advisory (GHSA-wh5x-j6pq-pr3c), issue #649, pull request #655, and release tag v2.3.1.5 provide details on the patch and resolution. Security practitioners should update dependent applications to 2.3.1.5 or later to prevent exploitation.

Details

CWE(s): CWE-120 CWE-121 CWE-787

Affected Products

color

iccdev

≤ 2.3.1.5

CVEs Like This One

CVE-2026-30987Same product: Color Iccdev

CVE-2026-30983Same product: Color Iccdev

CVE-2026-30985Same product: Color Iccdev

CVE-2026-30979Same product: Color Iccdev

CVE-2026-22861Same product: Color Iccdev

CVE-2026-25584Same product: Color Iccdev

CVE-2026-25502Same product: Color Iccdev

CVE-2026-31796Same product: Color Iccdev

CVE-2026-25582Same product: Color Iccdev

CVE-2026-21678Same product: Color Iccdev

References

https://github.com/InternationalColorConsortium/iccDEV/issues/649
Issue Tracking · security-advisories@github.com
https://github.com/InternationalColorConsortium/iccDEV/pull/655
Issue Tracking, Patch · security-advisories@github.com
https://github.com/InternationalColorConsortium/iccDEV/releases/tag/v2.3.1.5
Product · security-advisories@github.com
https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-wh5x-j6pq-pr3c
Patch, Vendor Advisory · security-advisories@github.com