CVE-2026-41254
MEDIUM SEVERITY
CVSS Score & Metrics
Base Score
4.0 / 10
Vector String
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L
Vulnerability Description
Little CMS (lcms2) through 2.18 has an integer overflow in CubeSize in cmslut.c because the overflow check is performed after the multiplication.
Vulnerability Details
Published Date
Last Modified
CWE ID
CWE-696
Source
NVD
Vendor
littlecms
Product
little cms color engine
External References
- https://abhinavagarwal07.github.io/posts/lcms2-cubesize-overflow/
- https://github.com/mm2/Little-CMS/commit/da6110b1d14abc394633a388209abd5ebedd7ab0
- https://github.com/mm2/Little-CMS/commit/e0641b1828d0a1af5ecb1b11fe22f24fceefd4bc
- https://github.com/mm2/Little-CMS/security/advisories/GHSA-4xp6-rcgg-m9qq
- https://www.openwall.com/lists/oss-security/2026/04/17/16