CVE-2026-30979
Heap-Based Buffer Overflow in iccDEV Causes Memory Corruption
Publication date: 2026-03-10
Last updated on: 2026-03-13
Assigner: GitHub, Inc.
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| color | iccdev | before 2.3.1.5 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-122 | A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc(). |
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
| CWE-120 | The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-30979 is a heap-based buffer overflow vulnerability in the iccDEV project, specifically in the function CIccCalculatorFunc::InitSelectOp(). This vulnerability occurs when the function attempts to read or write beyond the allocated heap buffer boundaries during the initialization of select operations in ICC profile processing.
The issue arises due to improper bounds checking or indexing, leading to out-of-bounds memory access. It can be triggered by processing a specially crafted ICC profile file, causing memory corruption or application crashes.
The vulnerability was discovered through fuzz testing and is fixed in version 2.3.1.5 by ensuring array boundaries are not exceeded during select/case statement processing.
How can this vulnerability impact me?
This vulnerability can lead to memory corruption or application crashes when processing malicious ICC profile files.
An attacker with local access and no special privileges can exploit this flaw by triggering the vulnerable function through user interaction, potentially causing denial of service or arbitrary code execution.
The impact is rated high for confidentiality, integrity, and availability, meaning it could allow unauthorized access to sensitive data, modification of data, or disruption of service.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by testing the iccDEV tools, specifically the iccRoundTrip tool, with crafted malicious ICC profile files that trigger the heap buffer overflow in the function CIccCalculatorFunc::InitSelectOp().
A practical detection method involves using fuzz testing tools such as libFuzzer to generate and process ICC profiles, monitoring for crashes or memory corruption during execution.
For example, you can run the following command to test with a proof-of-concept ICC profile file that triggers the vulnerability:
- iccRoundTrip <path_to_malicious_icc_profile>
Additionally, running the iccRoundTrip tool under AddressSanitizer or similar memory error detection tools can help identify the heap buffer overflow by reporting out-of-bounds reads or writes.
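The AddressSanitizer check described above can be scripted to triage a directory of ICC profiles. This is an added example, not code from this page or from the iccDEV project; it assumes an ASan-instrumented build of iccRoundTrip, and the ICC_TOOL variable and both function names are hypothetical.

```shell
#!/bin/sh
# Added example (not iccDEV code). Assumes an AddressSanitizer-instrumented
# build of iccRoundTrip; ICC_TOOL and both function names are hypothetical.

# Print a verdict for one captured stderr log.
classify_asan_report() {
    if ! grep -q 'ERROR: AddressSanitizer' "$1"; then
        echo clean
    elif grep -q 'heap-buffer-overflow' "$1" &&
         grep -q 'CIccCalculatorFunc::InitSelectOp' "$1"; then
        echo initselectop-heap-overflow
    else
        echo other-asan-finding
    fi
}

# Run the tool once per regular file in DIR and print one line per profile:
#   <path> rc=<exit status> <verdict>
scan_profiles() {
    dir=$1
    tool=${ICC_TOOL:-iccRoundTrip}
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        log=$(mktemp)
        rc=0
        # "|| rc=$?" keeps the loop going when the tool exits non-zero.
        "$tool" "$f" >/dev/null 2>"$log" || rc=$?
        printf '%s rc=%s %s\n' "$f" "$rc" "$(classify_asan_report "$log")"
        rm -f "$log"
    done
}

# Stand-alone use: sh triage.sh /path/to/profiles
[ "$#" -eq 0 ] || scan_profiles "$1"
```

A profile reported as `clean` with a non-zero exit status was rejected or failed without an ASan report, so the status is worth reviewing alongside the verdict.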
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade the iccDEV package to version 2.3.1.5 or later, where the heap buffer overflow vulnerability in CIccCalculatorFunc::InitSelectOp() has been fixed.
Since the vulnerability requires local user interaction and no privileges, restricting access to the iccDEV tools and preventing untrusted users from processing ICC profile files can reduce risk.
No workarounds are provided, so patching to the fixed version is the recommended action.