Perceptive Security
SOC/SIEM Consultancy
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a stack buffer overflow in icFixXml() (s…
Published:
9 March 2026 at 23:00:00
Alert date:
10 March 2026 at 19:06:17
Source:
nvd.nist.gov
Supply Chain & Dependencies
iccDEV, a library and toolset for ICC color management profiles, contains a stack buffer overflow vulnerability in the icFixXml() function. The vulnerability stems from unsafe use of strcpy() which can cause stack memory corruption or application crashes. The issue affects versions prior to 2.3.1.5 and has been patched in version 2.3.1.5. This buffer overflow could potentially be exploited by attackers to achieve code execution or cause denial of service conditions.
Technical details
Mitigation steps:
Affected products:
iccDEV
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2026-30983
https://github.com/InternationalColorConsortium/iccDEV/issues/624
https://github.com/InternationalColorConsortium/iccDEV/pull/634
https://github.com/InternationalColorConsortium/iccDEV/releases/tag/v2.3.1.5
https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-h3ph-mwq5-3883
Related CVE's:
Related threat actors:
IOC's:
This article was created with the assistance of AI technology by Perceptive.