{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-30979", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-07T17:53:48.817Z", "datePublished": "2026-03-10T17:47:57.273Z", "dateUpdated": "2026-03-10T19:32:27.894Z"}, "containers": {"cna": {"title": "iccDEV has a heap-based buffer overflow in CIccCalculatorFunc::InitSelectOp()", "problemTypes": [{"descriptions": [{"cweId": "CWE-120", "lang": "en", "description": "CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-122", "lang": "en", "description": "CWE-122: Heap-based Buffer Overflow", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-787", "lang": "en", "description": "CWE-787: Out-of-bounds Write", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-8c76-67wr-hrp4", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-8c76-67wr-hrp4"}, {"name": "https://github.com/InternationalColorConsortium/iccDEV/issues/617", "tags": ["x_refsource_MISC"], "url": "https://github.com/InternationalColorConsortium/iccDEV/issues/617"}, {"name": "https://github.com/InternationalColorConsortium/iccDEV/pull/622", "tags": ["x_refsource_MISC"], "url": "https://github.com/InternationalColorConsortium/iccDEV/pull/622"}, {"name": "https://github.com/InternationalColorConsortium/iccDEV/releases/tag/v2.3.1.5", "tags": ["x_refsource_MISC"], "url": "https://github.com/InternationalColorConsortium/iccDEV/releases/tag/v2.3.1.5"}], "affected": [{"vendor": "InternationalColorConsortium", "product": "iccDEV", "versions": [{"version": "< 2.3.1.5", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-10T17:47:57.273Z"}, "descriptions": [{"lang": "en", "value": "iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a heap-based buffer overflow in CIccCalculatorFunc::InitSelectOp() triggered with local user interaction causing memory corruption/crash. This vulnerability is fixed in 2.3.1.5."}], "source": {"advisory": "GHSA-8c76-67wr-hrp4", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-30979", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-10T19:26:34.615265Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-10T19:32:27.894Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-30979", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-10T19:26:34.615265Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-10T19:28:06.308Z"}}], "cna": {"title": "iccDEV has a heap-based buffer overflow in CIccCalculatorFunc::InitSelectOp()", "source": {"advisory": "GHSA-8c76-67wr-hrp4", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "InternationalColorConsortium", "product": "iccDEV", "versions": [{"status": "affected", "version": "< 2.3.1.5"}]}], "references": [{"url": "https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-8c76-67wr-hrp4", "name": "https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-8c76-67wr-hrp4", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/InternationalColorConsortium/iccDEV/issues/617", "name": "https://github.com/InternationalColorConsortium/iccDEV/issues/617", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/InternationalColorConsortium/iccDEV/pull/622", "name": "https://github.com/InternationalColorConsortium/iccDEV/pull/622", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/InternationalColorConsortium/iccDEV/releases/tag/v2.3.1.5", "name": "https://github.com/InternationalColorConsortium/iccDEV/releases/tag/v2.3.1.5", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a heap-based buffer overflow in CIccCalculatorFunc::InitSelectOp() triggered with local user interaction causing memory corruption/crash. This vulnerability is fixed in 2.3.1.5."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-120", "description": "CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-122", "description": "CWE-122: Heap-based Buffer Overflow"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-787", "description": "CWE-787: Out-of-bounds Write"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-10T17:47:57.273Z"}}}, "cveMetadata": {"cveId": "CVE-2026-30979", "state": "PUBLISHED", "dateUpdated": "2026-03-10T19:32:27.894Z", "dateReserved": "2026-03-07T17:53:48.817Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-03-10T17:47:57.273Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:color:iccdev:*:*:*:*:*:*:*:*", "matchCriteriaId": "93948DB5-220B-49A5-A4BC-B3D19FBCBED5", "versionEndExcluding": "2.3.1.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a heap-based buffer overflow in CIccCalculatorFunc::InitSelectOp() triggered with local user interaction causing memory corruption/crash. This vulnerability is fixed in 2.3.1.5."}, {"lang": "es", "value": "iccDEV proporciona un conjunto de bibliotecas y herramientas para trabajar con perfiles de gesti\u00f3n de color ICC. Antes de la versi\u00f3n 2.3.1.5, existe un desbordamiento de b\u00fafer basado en mont\u00edculo en CIccCalculatorFunc::InitSelectOp() que se activa con la interacci\u00f3n de un usuario local, causando corrupci\u00f3n de memoria/fallo. Esta vulnerabilidad est\u00e1 corregida en la versi\u00f3n 2.3.1.5."}], "id": "CVE-2026-30979", "lastModified": "2026-03-13T20:28:03.303", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-03-10T18:18:56.700", "references": [{"source": "security-advisories@github.com", "tags": ["Issue Tracking"], "url": "https://github.com/InternationalColorConsortium/iccDEV/issues/617"}, {"source": "security-advisories@github.com", "tags": ["Issue Tracking", "Patch"], "url": "https://github.com/InternationalColorConsortium/iccDEV/pull/622"}, {"source": "security-advisories@github.com", "tags": ["Product"], "url": "https://github.com/InternationalColorConsortium/iccDEV/releases/tag/v2.3.1.5"}, {"source": "security-advisories@github.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-8c76-67wr-hrp4"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-120"}, {"lang": "en", "value": "CWE-122"}, {"lang": "en", "value": "CWE-787"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,2.3.1.5)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "iccDEV", "source": "cna", "vendor": "InternationalColorConsortium"}, "product": "iccdev", "vendor": "internationalcolorconsortium"}], "analysis": {"en": {"generated_at": "2026-04-16T09:40:44.254358+00:00", "value": {"mitigation_remediation": ["Upgrade all iccDEV installations to version 2.3.1.5 or later.", "If an upgrade cannot be performed immediately, restrict or disable use of CIccCalculatorFunc::InitSelectOp() for untrusted local users to prevent triggering the buffer overflow.", "Implement monitoring of application crashes or memory corruption events to detect any attempts to exploit the vulnerability in environments where the patch is pending."], "summary": {"action": "Immediately Patch", "impact": "Local Heap Buffer Overflow"}, "threat_synthesis": {"affected_systems": "The bug affects all installations of the InternationalColorConsortium's iccDEV software released prior to version 2.3.1.5. Users running earlier releases of the library that reference CIccCalculatorFunc need to upgrade to the patched version to eliminate the vulnerable code paths.", "description_and_impact": "A heap-based buffer overflow exists in the CIccCalculatorFunc::InitSelectOp() routine of iccDEV, a library used for processing ICC color management profiles. When a local user supplies specially crafted input, the function fails to validate buffer boundaries, causing uncontrolled memory writes that corrupt heap memory and lead to a crash or potential arbitrary code execution. The flaw is tied to common CWE vulnerabilities involving buffer overflows and memory corruption.", "risk_and_exploitability": "The CVSS score of 7.8 classifies the flaw as high severity. Because the trigger requires local user interaction, the exploitability is limited to users who can directly invoke the vulnerable function; however, the potential for memory corruption or arbitrary code execution makes it a serious risk. The EPSS score of less than 1% suggests that current exploitation probability is low, and the vulnerability is not included in the CISA Known Exploited Vulnerabilities catalog, reducing the urgency of immediate detection but still warranting rapid remediation."}}}}, "created": "2026-03-11T11:44:38.631247+00:00", "updated": "2026-04-16T09:45:31.673514+00:00", "vendors": ["internationalcolorconsortium", "internationalcolorconsortium$PRODUCT$iccdev"]}