CVE-2026-30983
Stack Buffer Overflow in iccDEV icFixXml() Causes Crash
Publication date: 2026-03-10
Last updated on: 2026-03-13
Assigner: GitHub, Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| color | iccdev | up to 2.3.1.5 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
| CWE-120 | The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer. |
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-30983 is a stack-based buffer overflow vulnerability in the icFixXml() function of the iccDEV project. It occurs because the function uses strcpy without checking that the input fits within the allocated stack buffer, causing a 7-byte overflow beyond the buffer boundary.
This overflow happens during processing of specially crafted ICC profile files when converting them to XML using the iccToXml tool. The overflow can corrupt stack memory, potentially leading to application crashes or arbitrary code execution.
The vulnerability was detected by fuzz testing with AddressSanitizer and affects versions of iccDEV prior to 2.3.1.5. Version 2.3.1.5 fixes it by ensuring proper null termination of strings to prevent the overflow.
How can this vulnerability impact me?
This vulnerability can lead to stack memory corruption when processing malicious ICC profile files, which may cause the application to crash or allow an attacker to execute arbitrary code.
Because the vulnerability affects confidentiality, integrity, and availability, exploitation could result in unauthorized access to sensitive data, modification of data, or denial of service.
The attack requires local access and user interaction, but no special privileges are needed, making it a significant risk in environments where untrusted ICC profiles are processed.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring the use of the iccToXml tool when processing ICC profile files, especially if AddressSanitizer or similar memory error detection tools are available. The overflow occurs during the execution of iccToXml when it processes specially crafted ICC profile files.
A practical detection method is to run iccToXml with AddressSanitizer enabled on suspicious or untrusted ICC profile files to check for stack buffer overflow errors.
Example command to detect the overflow using AddressSanitizer (assuming iccToXml is compiled with ASan):
```
ASAN_OPTIONS=detect_stack_use_after_return=1 ./iccToXml suspicious_profile.icc
```
The vulnerability was discovered with fuzz testing tools such as libFuzzer, so running fuzz tests against iccToXml with malformed ICC profiles can help detect similar issues.
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade the iccDEV package to version 2.3.1.5 or later, where the vulnerability has been fixed.
The fix involves ensuring proper null termination of strings in the icFixXml() function to prevent buffer overflow conditions.
If upgrading immediately is not possible, avoid processing untrusted or malformed ICC profile files with the vulnerable versions of iccToXml to reduce the risk of exploitation.
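The bug class explained above (an unchecked strcpy into a fixed stack buffer) and the fix described here (guaranteed null termination) can be shown side by side. This is an added example, not iccDEV's code: `FIELD_LEN`, `sample_record`, `unsafe_copy`, `strcpy_overrun` and `safe_copy` are hypothetical names, and the record is constructed so that an unbounded copy would run 7 bytes past the buffer, the overrun size quoted above.

```c
#include <stdio.h>
#include <string.h>

#define FIELD_LEN 8   /* hypothetical fixed-width text field in a file record */

/* Constructed sample: the 8-byte field is full, so it has no terminator of
 * its own and the next NUL sits 7 bytes further on. */
static const char sample_record[16] = "ABCDEFGH1234567";

/* Vulnerable pattern (for contrast, never called here): strcpy stops at the
 * first NUL it meets, not at the end of the field or of tmp. */
void unsafe_copy(const char *field, char *out, size_t out_size)
{
    char tmp[FIELD_LEN + 1];
    strcpy(tmp, field);
    snprintf(out, out_size, "%s", tmp);
}

/* Bytes strcpy would write past a destination of dst_size bytes. */
size_t strcpy_overrun(const char *src, size_t dst_size)
{
    size_t need = strlen(src) + 1;
    return need > dst_size ? need - dst_size : 0;
}

/* Hardened form: bound the copy by both sizes and always terminate.
 * Returns 0 on success, -1 if the destination cannot hold the field. */
int safe_copy(char *dst, size_t dst_size, const char *field, size_t field_len)
{
    size_t n = 0;
    if (dst_size == 0) return -1;
    while (n < field_len && field[n] != '\0')
        n++;                          /* length measured inside the field only */
    if (n >= dst_size) {
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, field, n);
    dst[n] = '\0';
    return 0;
}

int main(void)
{
    char tmp[FIELD_LEN + 1];
    printf("strcpy would overrun by %zu bytes\n", strcpy_overrun(sample_record, sizeof tmp));
    if (safe_copy(tmp, sizeof tmp, sample_record, FIELD_LEN) == 0)
        printf("bounded copy: \"%s\"\n", tmp);
    return 0;
}
```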