CVE-2026-30984

EPSS 0.01%
Veröffentlicht 10.03.2026 17:53:49
Zuletzt bearbeitet 13.03.2026 20:29:03
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a heap out-of-bounds read in CIccCalculatorFunc::ApplySequence() causing an application crash. This vulnerability is fixed in 2.3.1.5.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 2 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Color ≫ Iccdev Version < 2.3.1.5

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.01%	0.015

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security-advisories@github.com	6.1	1.8	4.2	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H

CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

CWE-129 Improper Validation of Array Index

The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

https://github.com/InternationalColorConsortium/iccDEV/releases/tag/v2.3.1.5

Product

https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-g9w6-5xm9-v5xj

Patch

Vendor Advisory

https://github.com/InternationalColorConsortium/iccDEV/issues/623

Issue Tracking

https://github.com/InternationalColorConsortium/iccDEV/pull/635

Patch

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2026-30984

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-30984

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-30984

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-30984