CVE-2026-30987
Received - Intake
Stack Buffer Overflow in iccDEV ICC Profile Library Causes Crash

Publication date: 2026-03-10

Last updated on: 2026-03-13

Assigner: GitHub, Inc.

Description
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a stack buffer overflow in CIccTagNum<>::GetValues() causing stack memory corruption or crash. This vulnerability is fixed in 2.3.1.5.
Meta Information
Published: 2026-03-10
Last Modified: 2026-03-13
Generated: 2026-05-07
AI Q&A: 2026-03-10
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Vendor: color
Product: iccdev
Version / Range: to 2.3.1.5 (exc)
CWE ID: Description
CWE-787: The product writes data past the end, or before the beginning, of the intended buffer.
CWE-120: The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.
CWE-121: A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2026-30987 is a high-severity stack buffer overflow vulnerability in the iccDEV package, specifically in the function CIccTagNum<(icTagTypeSignature)>::GetValues(). The vulnerability occurs because the function copies input data into a stack-allocated buffer without properly verifying that the input size is smaller than the output buffer size. This improper bounds checking leads to overwriting stack memory beyond its intended boundaries, causing stack memory corruption or application crashes.

The root cause is an out-of-bounds write during the processing of ICC color management profile tag values, triggered when the function iterates incorrectly over the output size rather than the input size. This flaw can lead to memory corruption and potentially arbitrary code execution.

The vulnerability affects all versions of iccDEV prior to 2.3.1.5 and was fixed in version 2.3.1.5 by correcting the iteration logic and adding proper size validation.
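
A simplified model of the bug class described above, added here as an illustration: it is not iccDEV source code, and TagNum, get_values_unchecked, get_values_checked and read_into_stack_buffer are hypothetical names. It sets an unchecked copy into a caller's fixed stack buffer beside a form that validates both the source range and the destination capacity.

```cpp
// Added illustration: a simplified model of the bug class, NOT iccDEV source.
// All type and function names here are hypothetical.
#include <cstddef>
#include <vector>

struct TagNum {
    std::vector<float> values;   // numbers parsed from an untrusted profile tag
};

// Vulnerable pattern (CWE-120 / CWE-121): trusts `count` and never learns how
// large `dst` really is, so a count larger than the caller's stack array
// writes past its end. Shown for comparison only; never called below.
void get_values_unchecked(const TagNum& tag, float* dst,
                          std::size_t start, std::size_t count) {
    for (std::size_t i = 0; i < count; ++i)
        dst[i] = tag.values[start + i];   // no bound on dst or on tag.values
}

// Hardened pattern: the caller passes the destination capacity, and the copy
// is refused unless it fits both the source range and the destination buffer.
bool get_values_checked(const TagNum& tag, float* dst, std::size_t dst_cap,
                        std::size_t start, std::size_t count) {
    if (dst == nullptr) return false;
    if (start > tag.values.size()) return false;
    if (count > tag.values.size() - start) return false;  // source range, no wraparound
    if (count > dst_cap) return false;                    // destination capacity
    for (std::size_t i = 0; i < count; ++i)
        dst[i] = tag.values[start + i];
    return true;
}

// Caller with a fixed-size stack buffer. Returns the number of values copied,
// or -1 if the request was rejected instead of overflowing `buf`.
int read_into_stack_buffer(const TagNum& tag, std::size_t start, std::size_t count) {
    float buf[4] = {0};
    if (!get_values_checked(tag, buf, sizeof buf / sizeof buf[0], start, count))
        return -1;
    return static_cast<int>(count);
}
```
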


How can this vulnerability impact me?

This vulnerability can cause stack memory corruption, leading to application crashes or potentially allowing an attacker to execute arbitrary code on the affected system.

Because the vulnerability impacts confidentiality, integrity, and availability at a high level, exploitation could result in unauthorized access to sensitive data, modification of data, or denial of service by crashing the application.

The attack requires local access and user interaction but does not require privileges, making it a significant risk in environments where untrusted users can run the vulnerable software.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by triggering the stack buffer overflow in the function CIccTagNum::GetValues() using specially crafted ICC profile files. A proof-of-concept (PoC) file named sbo-CIccTagStruct-GetElemNumberValue-IccTagComposite_cpp-Line737.icc has been used to reproduce the issue.

Detection can be performed by running the iccApplyNamedCmm command-line tool with the crafted ICC profile to observe if a crash or memory corruption occurs.

Additionally, running the affected application or library with memory error detection tools such as AddressSanitizer or UndefinedBehaviorSanitizer enabled can help detect the stack buffer overflow during execution.

  • Use AddressSanitizer or UndefinedBehaviorSanitizer when building and running iccDEV tools to catch memory errors.
  • Run the command: iccApplyNamedCmm <crafted-icc-profile.icc> to test for crashes triggered by the vulnerability.

What immediate steps should I take to mitigate this vulnerability?

The immediate and recommended mitigation step is to upgrade the iccDEV package to version 2.3.1.5 or later, where this stack buffer overflow vulnerability has been fixed.

There are no known workarounds for this vulnerability, so applying the official patch or updated release is essential to prevent exploitation.

  • Update iccDEV to version 2.3.1.5 or newer.
  • Avoid processing untrusted or specially crafted ICC profile files until the update is applied.
