CVE-2026-30981

EPSS 0.01%
Veröffentlicht 10.03.2026 17:49:31
Zuletzt bearbeitet 13.03.2026 20:28:34
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a heap-buffer-overflow read in CIccXmlArrayType<>::DumpArray() causing out-of-bounds read and/or crash. This vulnerability is fixed in 2.3.1.5.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 3 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Color ≫ Iccdev Version < 2.3.1.5

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.01%	0.015

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security-advisories@github.com	6.1	1.8	4.2	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H

CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://github.com/InternationalColorConsortium/iccDEV/releases/tag/v2.3.1.5

Product

https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-pmcg-2h65-35h8

Patch

Vendor Advisory

https://github.com/InternationalColorConsortium/iccDEV/issues/627

Issue Tracking

https://github.com/InternationalColorConsortium/iccDEV/pull/631