CVE-2026-30980 identifies a stack-based buffer overflow vulnerability in the iccDEV library, a set of tools and libraries used for handling ICC color management profiles. The vulnerability resides in the CIccBasicStructFactory::CreateStruct() function, where improper handling of input data leads to uncontrolled recursion. This recursion causes stack exhaustion, resulting in a buffer overflow and ultimately an application crash. The flaw is categorized under CWE-121 (stack-based buffer overflow), CWE-400 (uncontrolled resource consumption), and CWE-674 (uncontrolled recursion). This vulnerability affects all iccDEV versions prior to 2.3.1.5 and was publicly disclosed on March 10, 2026. The CVSS v3.1 score is 5.5 (medium severity), reflecting that exploitation requires local access (AV:L), low attack complexity (AC:L), no privileges (PR:N), and user interaction (UI:R). The impact is limited to availability as the crash disrupts normal operation, with no direct impact on confidentiality or integrity. No known exploits have been reported in the wild, but the vulnerability could be leveraged by attackers to cause denial of service in applications relying on iccDEV for color profile processing. The issue is resolved in iccDEV version 2.3.1.5, where input validation and recursion control have been improved to prevent stack exhaustion.

The primary impact of CVE-2026-30980 is on the availability of applications using vulnerable versions of iccDEV. Attackers with local access and the ability to provide crafted input can trigger a stack overflow via uncontrolled recursion, causing application crashes or denial of service. This can disrupt workflows in industries relying on color management, such as digital imaging, printing, photography, and media production. While the vulnerability does not compromise confidentiality or integrity, repeated crashes can lead to operational downtime and potential loss of productivity. Organizations embedding iccDEV in their software or using third-party tools dependent on it may face service interruptions. Since exploitation requires user interaction and local access, remote exploitation risk is low, but insider threats or malicious users on shared systems could exploit this flaw. No known exploits in the wild reduce immediate risk, but the vulnerability remains a concern until patched.

1. Upgrade all instances of iccDEV to version 2.3.1.5 or later, where the vulnerability is fixed. 2. Implement strict input validation and sanitization for any data processed by iccDEV, especially untrusted or user-supplied ICC profiles. 3. Restrict local access to systems running vulnerable iccDEV versions to trusted users only, minimizing the risk of malicious input. 4. Monitor application logs and system behavior for signs of crashes or stack exhaustion related to ICC profile processing. 5. Employ application sandboxing or containerization to isolate iccDEV-dependent processes, limiting the impact of potential crashes. 6. Educate users about the risks of opening untrusted ICC profiles and enforce policies to avoid processing profiles from unknown sources. 7. Coordinate with software vendors and third-party tool providers to ensure they have applied the patch or mitigations in their products. 8. Consider implementing runtime protections such as stack canaries and address space layout randomization (ASLR) to reduce exploitation likelihood.