Cyber Posture

CVE-2026-31796

High

Published: 10 March 2026
Modified: 13 March 2026
KEV Added: not listed
Patch: fixed in iccDEV 2.3.1.5
CVSS Score: 7.8 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.0002 (3.5th percentile)
Risk Priority: 16 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2026-31796 is a high-severity Heap-based Buffer Overflow (CWE-122) vulnerability in Color Iccdev (the iccDEV library). Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203). Its EPSS exploit-likelihood score sits at the 3.5th percentile (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Client Execution (T1203) and one other technique, Malicious File (T1204.002). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

prevent: SI-2 (Flaw Remediation) directly mandates timely patching of the heap buffer overflow vulnerability in iccDEV by updating to version 2.3.1.5 or later.

prevent: SI-10 (Information Input Validation) requires validation of XML inputs to the icCurvesFromXml() function to reject malformed data that triggers the heap-based buffer overflow.

prevent: Memory protections such as ASLR and DEP limit exploitation of heap memory corruption caused by the buffer overflow.

MITRE ATT&CK Enterprise Techniques

T1203 Exploitation for Client Execution (tactic: Execution)
Adversaries may exploit software vulnerabilities in client applications to execute code.

T1204.002 Malicious File (tactic: Execution)
An adversary may rely upon a user opening a malicious file in order to gain execution.

Why these techniques?

The heap overflow sits in a local XML/ICC file parser, so code execution hinges on a user opening a crafted file (T1204.002), which in turn is the vehicle for exploiting the client application (T1203).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a heap-based buffer overflow in icCurvesFromXml() causing heap memory corruption or crash. This vulnerability is fixed in 2.3.1.5.

Deeper analysis

CVE-2026-31796 is a heap-based buffer overflow vulnerability in the icCurvesFromXml() function within iccDEV, a set of libraries and tools for working with ICC color management profiles. Versions of iccDEV prior to 2.3.1.5 are affected, where processing malformed XML input can trigger the overflow, leading to heap memory corruption or application crash. The issue is classified under CWE-122 (Heap-based Buffer Overflow) and CWE-787 (Out-of-bounds Write), with a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).

A local attacker with no privileges can exploit this vulnerability by tricking a user into processing a specially crafted XML file with an application that uses the affected iccDEV libraries. Successful exploitation requires user interaction but has low attack complexity, and its effects are high impact: arbitrary code execution, data tampering, or denial of service through heap corruption.

Mitigation is available via the official patch in iccDEV version 2.3.1.5, as detailed in the project's GitHub security advisory (GHSA-mv6h-vpcg-pwfx), issue tracker (#651), pull request (#658), and release notes. Security practitioners should advise updating affected applications and libraries to 2.3.1.5 or later to prevent exploitation.
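The SI-10 control above asks for input validation in front of the curve parser. The following C program is an added example written for this page, not code from iccDEV and not a reconstruction of icCurvesFromXml(); the curve_t type, the MAX_CURVE_SAMPLES cap, and all function names are assumptions. It shows the defensive pattern that closes a CWE-122 hole of this shape: the declared sample count is validated before it sizes the heap allocation, the copy loop is bounded by that same validated count, and any mismatch between the declared count and the values actually present is rejected rather than written past the buffer.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical curve record (assumption: not iccDEV's real type). An ICC
 * curve is a run of 16-bit samples; we keep them in an exact-size heap buffer. */
typedef struct {
    size_t    n_samples;   /* number of entries actually stored in samples */
    uint16_t *samples;     /* heap buffer of exactly n_samples entries */
} curve_t;

/* Upper bound on samples accepted for one curve. Chosen for this example,
 * not a value taken from the advisory or from iccDEV. */
#define MAX_CURVE_SAMPLES 65535u

/* Parse a declared sample count from attribute text. Rejects sign characters,
 * non-numeric text, trailing junk, zero, and anything above the cap, so the
 * count can be trusted before it sizes an allocation. Returns 0 on success. */
static int parse_sample_count(const char *text, size_t *out)
{
    char *end = NULL;
    if (text == NULL || text[0] == '-' || text[0] == '+') return -1;
    errno = 0;
    unsigned long v = strtoul(text, &end, 10);
    if (errno == ERANGE || end == text || *end != '\0') return -1;
    if (v == 0 || v > MAX_CURVE_SAMPLES) return -1;
    *out = (size_t)v;
    return 0;
}

/* Build a curve from a declared count and a whitespace-separated body of
 * decimal sample values. The buffer is sized from the validated count and the
 * copy loop is bounded by that same count, so the body can never write past
 * the allocation even if it carries more values than declared. Too few or too
 * many values is an error: the partial curve is freed and -1 is returned. */
static int curve_from_text(const char *count_attr, const char *body, curve_t *out)
{
    size_t n = 0;
    if (body == NULL || out == NULL) return -1;
    if (parse_sample_count(count_attr, &n) != 0) return -1;

    /* calloc() fails instead of wrapping if n * sizeof(uint16_t) would overflow */
    uint16_t *buf = calloc(n, sizeof *buf);
    if (buf == NULL) return -1;

    size_t i = 0;
    const char *p = body;
    for (;;) {
        while (*p == ' ' || *p == '\t' || *p == '\n' || *p == '\r') p++;
        if (*p == '\0') break;
        if (i >= n) { free(buf); return -1; }              /* more values than declared */
        if (*p == '-' || *p == '+') { free(buf); return -1; }
        char *end = NULL;
        errno = 0;
        unsigned long v = strtoul(p, &end, 10);
        if (end == p || errno == ERANGE || v > 0xFFFFu) { free(buf); return -1; }
        buf[i++] = (uint16_t)v;
        p = end;
    }
    if (i != n) { free(buf); return -1; }                  /* fewer values than declared */

    out->n_samples = n;
    out->samples = buf;
    return 0;
}

static void curve_free(curve_t *c)
{
    if (c == NULL) return;
    free(c->samples);
    c->samples = NULL;
    c->n_samples = 0;
}

/* Returns the number of samples stored on success, or -1 if the input was rejected. */
static long curve_checked_len(const char *count_attr, const char *body)
{
    curve_t c;
    if (curve_from_text(count_attr, body, &c) != 0) return -1;
    long n = (long)c.n_samples;
    curve_free(&c);
    return n;
}

/* Returns the sample at idx, or -1 if the input was rejected or idx is out of range. */
static long curve_sample_at(const char *count_attr, const char *body, size_t idx)
{
    curve_t c;
    if (curve_from_text(count_attr, body, &c) != 0) return -1;
    long v = (idx < c.n_samples) ? (long)c.samples[idx] : -1;
    curve_free(&c);
    return v;
}

int main(void)
{
    /* Constructed inputs shaped like a curve element's count attribute and body. */
    printf("declared 3, three values   -> %ld\n", curve_checked_len("3", "0 32768 65535"));
    printf("declared 2, three values   -> %ld\n", curve_checked_len("2", "1 2 3"));
    printf("declared 4, three values   -> %ld\n", curve_checked_len("4", "1 2 3"));
    printf("declared 4294967295        -> %ld\n", curve_checked_len("4294967295", "1"));
    printf("sample[2] of good curve    -> %ld\n", curve_sample_at("3", "0 32768 65535", 2));
    return 0;
}
```

The key property is that no write index is ever derived from the body alone: the declared count is checked first, the allocation is sized from it, and the loop refuses to go past it. The count-versus-content mismatch cases are rejected outright instead of being tolerated, which is what stops a crafted file from steering the parser into adjacent heap memory.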

Details

CWE(s)

CWE-122 (Heap-based Buffer Overflow), CWE-787 (Out-of-bounds Write)

Affected Products

Vendor: color
Product: iccdev
Versions: ≤ 2.3.1.5

CVEs Like This One

CVE-2026-25582 (same product: Color Iccdev)
CVE-2026-30979 (same product: Color Iccdev)
CVE-2026-30985 (same product: Color Iccdev)
CVE-2026-21676 (same product: Color Iccdev)
CVE-2026-21678 (same product: Color Iccdev)
CVE-2026-30987 (same product: Color Iccdev)
CVE-2026-30983 (same product: Color Iccdev)
CVE-2026-31795 (same product: Color Iccdev)
CVE-2026-25584 (same product: Color Iccdev)
CVE-2026-22861 (same product: Color Iccdev)

References