CVE-2026-30980 - Vulnerability Details - OpenCVE

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a stack overflow in CIccBasicStructFactory::CreateStruct() causing uncontrolled recursion/stack exhaustion and crash. This vulnerability is fixed in 2.3.1.5.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

References

Link	Providers
https://github.com/InternationalColorConsortium/iccDEV/issues/629
https://github.com/InternationalColorConsortium/iccDEV/pull/630
https://github.com/InternationalColorConsortium/iccDEV/releases/tag/v2.3.1.5
https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-w478-77q7-2hc2

History

Tue, 10 Mar 2026 18:15:00 +0000

Type	Values Removed	Values Added
Description		iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a stack overflow in CIccBasicStructFactory::CreateStruct() causing uncontrolled recursion/stack exhaustion and crash. This vulnerability is fixed in 2.3.1.5.
Title		iccDEV has a stack overflow in CIccBasicStructFactory::CreateStruct()
Weaknesses		CWE-121 CWE-400 CWE-674
References		https://github.com/InternationalColorConsortium/iccDEV/issues/629 https://github.com/InternationalColorConsortium/iccDEV/pull/630 https://github.com/InternationalColorConsortium/iccDEV/releases/tag/v2.3.1.5 https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-w478-77q7-2hc2
Metrics		cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}`

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2026-03-10T18:07:26.404Z

Updated: 2026-03-10T19:32:25.781Z

Reserved: 2026-03-07T17:53:48.817Z

Link: CVE-2026-30980

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-03-10T18:18:56.863

Modified: 2026-03-10T18:18:56.863

Link: CVE-2026-30980

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-30980", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-07T17:53:48.817Z", "datePublished": "2026-03-10T18:07:26.404Z", "dateUpdated": "2026-03-10T19:32:25.781Z"}, "containers": {"cna": {"title": "iccDEV has a stack overflow in CIccBasicStructFactory::CreateStruct()", "problemTypes": [{"descriptions": [{"cweId": "CWE-121", "lang": "en", "description": "CWE-121: Stack-based Buffer Overflow", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-400", "lang": "en", "description": "CWE-400: Uncontrolled Resource Consumption", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-674", "lang": "en", "description": "CWE-674: Uncontrolled Recursion", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-w478-77q7-2hc2", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-w478-77q7-2hc2"}, {"name": "https://github.com/InternationalColorConsortium/iccDEV/issues/629", "tags": ["x_refsource_MISC"], "url": "https://github.com/InternationalColorConsortium/iccDEV/issues/629"}, {"name": "https://github.com/InternationalColorConsortium/iccDEV/pull/630", "tags": ["x_refsource_MISC"], "url": "https://github.com/InternationalColorConsortium/iccDEV/pull/630"}, {"name": "https://github.com/InternationalColorConsortium/iccDEV/releases/tag/v2.3.1.5", "tags": ["x_refsource_MISC"], "url": "https://github.com/InternationalColorConsortium/iccDEV/releases/tag/v2.3.1.5"}], "affected": [{"vendor": "InternationalColorConsortium", "product": "iccDEV", "versions": [{"version": "< 2.3.1.5", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-10T18:07:26.404Z"}, "descriptions": [{"lang": "en", "value": "iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a stack overflow in CIccBasicStructFactory::CreateStruct() causing uncontrolled recursion/stack exhaustion and crash. This vulnerability is fixed in 2.3.1.5."}], "source": {"advisory": "GHSA-w478-77q7-2hc2", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-30980", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-10T19:26:00.547956Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-10T19:32:25.781Z"}}]}}