CVE-2026-30980
Stack Overflow in iccDEV CIccBasicStructFactory Causes Crash
Publication date: 2026-03-10
Last updated on: 2026-03-13
Assigner: GitHub, Inc.
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| color | iccdev | up to 2.3.1.5 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-674 | The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack. |
| CWE-400 | The product does not properly control the allocation and maintenance of a limited resource. |
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-30980 is a stack overflow vulnerability in the iccDEV project, specifically in the function CIccBasicStructFactory::CreateStruct(). This function can enter uncontrolled recursion due to malformed or crafted ICC profile data, causing excessive stack usage and eventually a stack overflow that crashes the program.
The root cause is that the function does not properly check tag sizes before processing, which leads to infinite recursion and stack exhaustion. This vulnerability was discovered through fuzz testing and is fixed in version 2.3.1.5 by adding checks on tag sizes to prevent the infinite loop.
How can this vulnerability impact me?
This vulnerability can impact you by causing a denial of service (DoS) through application crashes. When triggered, the uncontrolled recursion exhausts the stack, and the resulting stack overflow causes the affected program to abort unexpectedly.
The impact is limited to availability, meaning it does not affect confidentiality or integrity of data. The attack requires local access and some user interaction but no special privileges.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by testing the iccDEV tools, particularly the function CIccBasicStructFactory::CreateStruct(), with crafted ICC profile data that triggers uncontrolled recursion and stack overflow.
Fuzz testing using tools like libFuzzer can be employed to detect the stack overflow, as was done in the original discovery.
Running the iccDumpProfile tool on suspicious or untrusted ICC profile files may cause the program to crash with an AddressSanitizer error indicating a stack overflow.
- Use fuzzing tools such as libFuzzer targeting iccDEV's ICC profile parsing functions.
- Run the command: `iccDumpProfile <profile.icc>` on ICC profiles to check for crashes or stack overflow errors.
- Monitor for application crashes with messages like "stack-overflow on address" from AddressSanitizer or similar runtime diagnostics. [3]
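A triage loop for the checks listed above, as an added example that is not part of the original page or of the iccDEV project: it runs `iccDumpProfile` over a directory of profiles and reports how each run ended. The function names, the `ICC_DUMP` override variable and the file extensions scanned are assumptions of this example.

```shell
#!/bin/sh
# Added example: classify how iccDumpProfile exits on each profile in a directory.

# classify_run EXIT_CODE STDERR_FILE
# Prints: asan-stack-overflow | killed-by-signal-N | error | ok
classify_run() {
    _code=$1
    _log=$2
    if grep -q "stack-overflow on address" "$_log" 2>/dev/null; then
        # AddressSanitizer build: the diagnostic string quoted on this page.
        echo "asan-stack-overflow"
    elif [ "$_code" -ge 128 ]; then
        # Shell convention: 128+N means the child died from signal N
        # (139 = SIGSEGV, the usual result of stack exhaustion without ASan).
        echo "killed-by-signal-$((_code - 128))"
    elif [ "$_code" -ne 0 ]; then
        echo "error"
    else
        echo "ok"
    fi
}

# scan_profiles DIR
# Runs the dump tool on every *.icc / *.icm file under DIR and prints
# "<verdict><TAB><path>" for each run that did not finish cleanly.
scan_profiles() {
    dir=$1
    tool=${ICC_DUMP:-iccDumpProfile}   # ICC_DUMP: assumed override for the tool path
    errlog=$(mktemp)
    find "$dir" -type f \( -name '*.icc' -o -name '*.icm' \) |
    while IFS= read -r f; do
        rc=0
        "$tool" "$f" >/dev/null 2>"$errlog" || rc=$?
        verdict=$(classify_run "$rc" "$errlog")
        [ "$verdict" = "ok" ] || printf '%s\t%s\n' "$verdict" "$f"
    done
    rm -f "$errlog"
}

# Run a scan only when a directory is given on the command line.
if [ "$#" -ge 1 ]; then
    scan_profiles "$1"
fi
```

The `asan-stack-overflow` verdict only appears when the tool was built with AddressSanitizer; a regular build shows up as `killed-by-signal-11` instead.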
What immediate steps should I take to mitigate this vulnerability?
The primary mitigation step is to upgrade the iccDEV package to version 2.3.1.5 or later, where the vulnerability has been fixed.
The fix involves added checks on tag sizes to prevent uncontrolled recursion and stack overflow.
Until the upgrade can be applied, avoid processing untrusted or malformed ICC profile files with vulnerable versions of iccDEV to reduce the risk of triggering the stack overflow.
- Update iccDEV to version 2.3.1.5 or newer.
- Restrict or validate ICC profile inputs to prevent malformed data from being processed.
- Monitor application logs for crashes related to ICC profile processing and address them promptly.