Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
6.1
iccDEV Color Management Tools: Out-of-Bounds Read Can Crash Software
CVE-2026-30981
Summary
Using iccDEV tools before version 2.3.1.5 can cause them to crash or become unstable when working with certain color profiles. This is a security risk because it could lead to system crashes or data corruption. Upgrade to version 2.3.1.5 or later to fix this issue.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| color | iccdev | <= 2.3.1.5 | – |
Original title
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a heap-buffer-overflow read in CIccXmlArrayType<>::DumpArray() causing out-of...
Original description
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a heap-buffer-overflow read in CIccXmlArrayType<>::DumpArray() causing out-of-bounds read and/or crash. This vulnerability is fixed in 2.3.1.5.
nvd CVSS3.1
6.1
Vulnerability type
CWE-120
Classic Buffer Overflow
CWE-125
Out-of-bounds Read
CWE-787
Out-of-bounds Write
Published: 10 Mar 2026 · Updated: 13 Mar 2026 · First seen: 11 Mar 2026