SB2026043050 - Multiple vulnerabilities in iccDEV
Published: April 30, 2026 Updated: May 5, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 37 vulnerabilities.
1) Out-of-bounds read (CVE-ID: CVE-2026-31797)
CWE-ID: CWE-125 - Out-of-bounds read
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to disclose sensitive information or cause a denial of service.
The vulnerability exists due to out-of-bounds read in CTiffImg::ReadLine() when iccApplyProfiles processes a crafted TIFF image. A remote attacker can trick the victim into processing a crafted TIFF image to disclose sensitive information or cause a denial of service.
User interaction is required to process the crafted TIFF image.
2) Heap-based buffer overflow (CVE-ID: CVE-2026-31796)
CWE-ID: CWE-122 - Heap-based Buffer Overflow
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to execute arbitrary code or cause a denial of service.
The vulnerability exists due to heap-based buffer overflow in icCurvesFromXml() when parsing crafted XML input. A remote attacker can trick the victim into opening specially crafted XML content to execute arbitrary code or cause a denial of service.
User interaction is required to process the crafted XML content.
3) Stack-based buffer overflow (CVE-ID: CVE-2026-31795)
CWE-ID: CWE-121 - Stack-based buffer overflow
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to execute arbitrary code or cause a denial of service.
The vulnerability exists due to stack-based buffer overflow in CIccXform3DLut::Apply() when processing crafted input. A remote attacker can trick the victim into processing crafted input to execute arbitrary code or cause a denial of service.
User interaction is required to process the crafted input.
4) Out-of-bounds read (CVE-ID: CVE-2026-31794)
CWE-ID: CWE-125 - Out-of-bounds read
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to out-of-bounds read in CIccCLUT::Interp3d() when parsing crafted input. A remote attacker can supply crafted input to cause a denial of service.
User interaction is required to process the crafted input.
5) Out-of-bounds read (CVE-ID: CVE-2026-31793)
CWE-ID: CWE-125 - Out-of-bounds read
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to out-of-bounds read in CIccCalculatorFunc::ApplySequence() when processing crafted input. A remote attacker can trigger a segmentation fault to cause a denial of service.
User interaction is required to process the crafted input.
6) NULL pointer dereference (CVE-ID: CVE-2026-31792)
CWE-ID: CWE-476 - NULL Pointer Dereference
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to a null pointer dereference in CIccTagXmlStruct::ParseTag() when parsing input. A remote attacker can trick the victim into processing crafted input to cause a denial of service.
User interaction is required to process the crafted input.
7) Stack-based buffer overflow (CVE-ID: CVE-2026-30987)
CWE-ID: CWE-121 - Stack-based buffer overflow
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to execute arbitrary code or cause a denial of service.
The vulnerability exists due to stack-based buffer overflow in CIccTagNum<(icTagTypeSignature)>::GetValues() when parsing crafted input. A remote attacker can trick the victim into processing crafted input to execute arbitrary code or cause a denial of service.
User interaction is required to process the crafted input.
8) Heap-based buffer overflow (CVE-ID: CVE-2026-30986)
CWE-ID: CWE-122 - Heap-based Buffer Overflow
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to heap-based buffer overflow in CIccMatrixMath::SetRange() when processing crafted input. A remote attacker can trigger the vulnerable code path to cause a denial of service.
User interaction is required to process malicious input.
9) Heap-based buffer overflow (CVE-ID: CVE-2026-30985)
CWE-ID: CWE-122 - Heap-based Buffer Overflow
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to execute arbitrary code or cause a denial of service.
The vulnerability exists due to heap-based buffer overflow in CIccMatrixMath::SetRange() when parsing input. A remote attacker can trick the victim into processing crafted input to execute arbitrary code or cause a denial of service.
User interaction is required to process the crafted input.
10) Out-of-bounds read (CVE-ID: CVE-2026-30984)
CWE-ID: CWE-125 - Out-of-bounds read
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to out-of-bounds read in CIccCalculatorFunc::ApplySequence() when parsing crafted input. A remote attacker can trick the victim into processing crafted input to cause a denial of service.
User interaction is required to process the crafted input.
11) Stack-based buffer overflow (CVE-ID: CVE-2026-30983)
CWE-ID: CWE-121 - Stack-based buffer overflow
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to execute arbitrary code.
The vulnerability exists due to stack-based buffer overflow in icFixXml() when parsing crafted input. A remote attacker can trick the victim into processing specially crafted input to execute arbitrary code.
User interaction is required to process the crafted input.
12) Out-of-bounds read (CVE-ID: CVE-2026-30982)
CWE-ID: CWE-125 - Out-of-bounds read
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to disclose sensitive information and cause a denial of service.
The vulnerability exists due to out-of-bounds read in CIccPcsXform::pushXYZConvert() when parsing crafted input. A remote attacker can trigger the vulnerable function with crafted input to disclose sensitive information and cause a denial of service.
User interaction is required to process the crafted input.
13) Out-of-bounds read (CVE-ID: CVE-2026-30981)
CWE-ID: CWE-125 - Out-of-bounds read
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to disclose sensitive information and cause a denial of service.
The vulnerability exists due to out-of-bounds read in CIccXmlArrayType<>::DumpArray() when parsing input. A remote attacker can trick the victim into opening or processing specially crafted input to disclose sensitive information and cause a denial of service.
User interaction is required to process the crafted input.
14) Uncontrolled Recursion (CVE-ID: CVE-2026-30980)
CWE-ID: CWE-674 - Uncontrolled Recursion
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to uncontrolled recursion in CIccBasicStructFactory::CreateStruct() when processing crafted input. A remote attacker can trigger uncontrolled recursion and stack exhaustion to cause a denial of service.
User interaction is required to process the crafted input.
15) Heap-based buffer overflow (CVE-ID: CVE-2026-30979)
CWE-ID: CWE-122 - Heap-based Buffer Overflow
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to execute arbitrary code.
The vulnerability exists due to heap-based buffer overflow in CIccCalculatorFunc::InitSelectOp() when parsing crafted input. A remote attacker can trick the victim into processing crafted input to execute arbitrary code.
User interaction is required to process the crafted input.
16) Use-after-free (CVE-ID: CVE-2026-30978)
CWE-ID: CWE-416 - Use After Free
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to execute arbitrary code or cause a denial of service.
The vulnerability exists due to use-after-free in CIccCmm::AddXform() when processing crafted input. A remote attacker can trigger an invalid vptr dereference to execute arbitrary code or cause a denial of service.
User interaction is required to process the crafted input.
17) NULL pointer dereference (CVE-ID: CVE-2026-34551)
CWE-ID: CWE-476 - NULL Pointer Dereference
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to null pointer dereference in CIccTagLut16::Write() when processing a crafted ICC profile during iccTiffDump extraction and profile serialization. A remote attacker can supply a crafted ICC profile to cause a denial of service.
The crash is reported as a reference binding to a null pointer originating from CIccTagCurve::operator[].
18) Incorrect Conversion between Numeric Types (CVE-ID: CVE-2026-34550)
CWE-ID: CWE-681 - Incorrect Conversion between Numeric Types
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to incorrect conversion between numeric types in IccProfLib/IccIO.cpp when processing a crafted ICC profile in iccDumpProfileGui. A remote attacker can supply a specially crafted ICC profile to cause a denial of service.
The issue is triggered by an implicit conversion from a negative signed integer to size_t, which can lead to undefined behavior and unpredictable process behavior.
19) Reliance on undefined behavior (CVE-ID: CVE-2026-34549)
CWE-ID: CWE-758 - Reliance on Undefined, Unspecified, or Implementation-Defined Behavior
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to reliance on undefined behavior in IccUtil.cpp when parsing a crafted input profile. A remote attacker can supply a crafted input profile to cause a denial of service.
The issue is triggered by invalid left shift operations on icUInt32Number reported at lines 1253, 1130, and 1088.
20) Incorrect Conversion between Numeric Types (CVE-ID: CVE-2026-34548)
CWE-ID: CWE-681 - Incorrect Conversion between Numeric Types
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to incorrect conversion between numeric types in IccUtilXml.cpp when processing a profile extracted from a crafted TIFF through the iccToXml XML conversion path. A remote attacker can supply a crafted TIFF-derived ICC profile to cause a denial of service.
The issue is triggered by an implicit conversion from a negative signed integer to an unsigned 32-bit value.
21) Reliance on undefined behavior (CVE-ID: CVE-2026-34547)
CWE-ID: CWE-758 - Reliance on Undefined, Unspecified, or Implementation-Defined Behavior
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to reliance on undefined behavior in IccUtil.cpp when parsing a crafted ICC profile with iccDumpProfile. A remote attacker can supply a specially crafted ICC profile to cause a denial of service.
The issue is triggered while running iccDumpProfile on malformed profile data.
22) Division by zero (CVE-ID: CVE-2026-34546)
CWE-ID: CWE-369 - Divide By Zero
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to division by zero in TiffImg.h when parsing a crafted TIFF file with iccTiffDump. A remote attacker can supply a specially crafted TIFF file to cause a denial of service.
23) Stack-based buffer overflow (CVE-ID: CVE-2026-34542)
CWE-ID: CWE-121 - Stack-based buffer overflow
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to stack-based buffer overflow in CIccCalculatorFunc::Apply() when processing a crafted ICC profile via iccApplyNamedCmm. A remote attacker can supply a specially crafted ICC profile to cause a denial of service.
The issue is reachable through the MPE calculator and curve set initialization path.
24) Path traversal (CVE-ID: CVE-2026-44647)
CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote user to disclose sensitive information.
The vulnerability exists due to path traversal in Git LFS pointer resolution when processing repository-controlled LFS metadata. A remote user can push a crafted repository object to disclose sensitive information.
Exploitation requires push permission to a repository.
25) NULL pointer dereference (CVE-ID: CVE-2026-34541)
CWE-ID: CWE-476 - NULL Pointer Dereference
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to null pointer dereference in CIccCombinedConnectionConditions::CIccCombinedConnectionConditions() when processing a malformed ICC profile with iccApplyNamedCmm using the -PCC option. A remote attacker can supply a specially crafted ICC profile to cause a denial of service.
The issue is reported in IccProfLib/IccPcc.cpp.
26) Heap-based buffer overflow (CVE-ID: CVE-2026-34540)
CWE-ID: CWE-122 - Heap-based Buffer Overflow
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to heap-based buffer overflow in icMemDump() when dumping malformed tag contents from a crafted ICC profile. A remote attacker can supply a crafted ICC profile to cause a denial of service.
The issue is reachable via CIccTagUnknown::Describe().
27) Heap-based buffer overflow (CVE-ID: CVE-2026-34539)
CWE-ID: CWE-122 - Heap-based Buffer Overflow
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to heap-based buffer overflow in CTiffImg::WriteLine() when processing a crafted ICC profile and TIFF input. A remote attacker can supply a malicious .icc and .tif pair to cause a denial of service.
The issue is observable as an out-of-bounds heap read during TIFF strip writing in iccSpecSepToTiff.
28) Reliance on undefined behavior (CVE-ID: CVE-2026-34537)
CWE-ID: CWE-758 - Reliance on Undefined, Unspecified, or Implementation-Defined Behavior
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to reliance on undefined behavior in CIccOpDefEnvVar::Exec() when processing a crafted ICC profile. A remote attacker can supply a crafted ICC profile with invalid enum values to cause a denial of service.
29) Uncontrolled Recursion (CVE-ID: CVE-2026-34536)
CWE-ID: CWE-674 - Uncontrolled Recursion
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to uncontrolled recursion in SIccCalcOp::ArgsUsed() when processing a crafted ICC profile. A remote attacker can supply a malicious profile to cause a denial of service.
The issue is triggered when iccApplyProfiles processes the crafted profile.
30) Heap-based buffer overflow (CVE-ID: CVE-2026-34535)
CWE-ID: CWE-122 - Heap-based Buffer Overflow
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to heap-based buffer overflow in CIccTagArray::Cleanup() when parsing a crafted ICC profile. A remote attacker can supply a malicious profile to cause a denial of service.
The issue is observable as misaligned member access and invalid reads that crash the process when running iccRoundTrip on the crafted profile.
31) Heap-based buffer overflow (CVE-ID: CVE-2026-34534)
CWE-ID: CWE-122 - Heap-based Buffer Overflow
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to heap-based buffer overflow in CIccMpeSpectralMatrix::Describe() when parsing a crafted ICC profile. A remote attacker can supply a specially crafted ICC profile to cause a denial of service.
The issue is observable as an out-of-bounds heap read when running iccDumpProfile on a malicious profile.
32) Reliance on undefined behavior (CVE-ID: CVE-2026-34533)
CWE-ID: CWE-758 - Reliance on Undefined, Unspecified, or Implementation-Defined Behavior
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to reliance on undefined behavior in CIccCalculatorFunc::ApplySequence() when processing a crafted ICC profile. A remote attacker can supply a crafted ICC profile with invalid enum values to cause a denial of service.
The issue is observable under UBSan as invalid values being loaded for icChannelFuncSignature.
33) Out-of-bounds read (CVE-ID: CVE-2026-34556)
CWE-ID: CWE-125 - Out-of-bounds read
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to out-of-bounds read in icAnsiToUtf8() when parsing a crafted ICC profile in the XML conversion path. A remote attacker can supply a crafted ICC profile to cause a denial of service.
The issue is observed while running the iccToXml tool.
34) Stack-based buffer overflow (CVE-ID: CVE-2026-34555)
CWE-ID: CWE-121 - Stack-based buffer overflow
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to stack-based buffer overflow in CIccTagFixedNum<>::GetValues() when processing a crafted ICC profile. A remote attacker can supply a crafted ICC profile to cause a denial of service.
The issue was observed as a write of size 4 overflowing a 4-byte stack variable through the call chain into CIccTagStruct::GetElemNumberValue().
35) Out-of-bounds read (CVE-ID: CVE-2026-34554)
CWE-ID: CWE-125 - Out-of-bounds read
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to out-of-bounds read in CIccApplyCmmSearch::costFunc() when processing malformed JSON configuration input via the iccApplySearch tool. A remote attacker can supply a specially crafted -cfg JSON file to cause a denial of service.
36) Return of Stack Variable Address (CVE-ID: CVE-2026-34553)
CWE-ID: CWE-562 - Return of Stack Variable Address
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to modify CLUT output.
The vulnerability exists due to return of stack variable address in CIccCLUT::DumpLut() and output produced by CIccMBB::Describe() when dumping CLUT data. A remote attacker can process a crafted ICC profile to modify CLUT output.
The issue is associated with dangling references to stack arrays through temporary buffer usage during CLUT dumping.
37) NULL pointer dereference (CVE-ID: CVE-2026-34552)
CWE-ID: CWE-476 - NULL Pointer Dereference
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to null pointer dereference in IccTagLut.cpp when processing a malformed ICC profile through the LUT application path. A remote attacker can supply a specially crafted ICC profile to cause a denial of service.
The issue was reported at IccTagLut.cpp:3181:31 while running iccRoundTrip on a provided ICC profile.
Remediation
Install update from vendor's website.
References
- https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-wh2p-cm3r-7hm3
- https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-mv6h-vpcg-pwfx
- https://github.com/InternationalColorConsortium/iccDEV/issues/651
- https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-wh5x-j6pq-pr3c
- https://github.com/InternationalColorConsortium/iccDEV/issues/649
- https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-6jrq-wfqg-wv7w
- https://github.com/InternationalColorConsortium/iccDEV/issues/645
- https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-vgr5-3xqx-vcqx
- https://github.com/InternationalColorConsortium/iccDEV/issues/644
- https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-j3mh-rjg5-8gw7
- https://github.com/InternationalColorConsortium/iccDEV/issues/633
- https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-fj57-gfhq-rjqr
- https://github.com/InternationalColorConsortium/iccDEV/issues/618
- https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-w3g9-rmvh-49gh
- https://github.com/InternationalColorConsortium/iccDEV/pull/637
- https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-f9wv-cq46-f9wg
- https://github.com/InternationalColorConsortium/iccDEV/issues/621
- https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-g9w6-5xm9-v5xj
- https://github.com/InternationalColorConsortium/iccDEV/issues/623
- https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-h3ph-mwq5-3883
- https://github.com/InternationalColorConsortium/iccDEV/issues/624
- https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-7ww3-h4w6-x5hf
- https://github.com/InternationalColorConsortium/iccDEV/issues/625
- https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-pmcg-2h65-35h8
- https://github.com/InternationalColorConsortium/iccDEV/issues/627
- https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-w478-77q7-2hc2
- https://github.com/InternationalColorConsortium/iccDEV/issues/629
- https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-8c76-67wr-hrp4
- https://github.com/InternationalColorConsortium/iccDEV/issues/617
- https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-97mf-f6r7-q9q4
- https://github.com/InternationalColorConsortium/iccDEV/issues/612
- https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-jmx9-9xmx-g57h
- https://github.com/InternationalColorConsortium/iccDEV/pull/728
- https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-rmxp-pxf4-p7wm
- https://github.com/InternationalColorConsortium/iccDEV/pull/727
- https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-v7qh-f995-p2fq
- https://github.com/InternationalColorConsortium/iccDEV/pull/726
- https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-prwp-9gv6-ccxv
- https://github.com/InternationalColorConsortium/iccDEV/pull/725
- https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-v8h6-8hxj-j7ff
- https://github.com/InternationalColorConsortium/iccDEV/pull/724
- https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-fxgq-wf5v-25pq
- https://github.com/InternationalColorConsortium/iccDEV/issues/719
- https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-6749-6859-wf96
- https://github.com/InternationalColorConsortium/iccDEV/issues/678
- https://github.com/theonedev/onedev/security/advisories/GHSA-59wq-74xg-w85v
- https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-9p35-7hp5-4hg4
- https://github.com/InternationalColorConsortium/iccDEV/pull/691
- https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-gjx3-6cp6-q2x5
- https://github.com/InternationalColorConsortium/iccDEV/issues/674
- https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-4f3j-q8mm-5hr6
- https://github.com/InternationalColorConsortium/iccDEV/pull/686
- https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-3m63-c4jf-592f
- https://github.com/InternationalColorConsortium/iccDEV/issues/670
- https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-cr68-xp9x-8597
- https://github.com/InternationalColorConsortium/iccDEV/pull/684
- https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-965q-9pp6-6vw5
- https://github.com/InternationalColorConsortium/iccDEV/pull/683
- https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-7x9w-g476-wcc2
- https://github.com/InternationalColorConsortium/iccDEV/issues/665
- https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-8jj3-77m7-c3pq
- https://github.com/InternationalColorConsortium/iccDEV/pull/681
- https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-p9wm-xfv4-43qg
- https://github.com/InternationalColorConsortium/iccDEV/issues/734
- https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-983c-rgh5-4982
- https://github.com/InternationalColorConsortium/iccDEV/pull/739
- https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-hqc7-5pgc-9672
- https://github.com/InternationalColorConsortium/iccDEV/issues/700
- https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-5r4q-77w5-3q3h
- https://github.com/InternationalColorConsortium/iccDEV/pull/737
- https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-wgh5-wvv2-r8pq
- https://github.com/InternationalColorConsortium/iccDEV/pull/730