CVE-2026-41254

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Little CMS (lcms2) versions prior to 2.19

Description An integer overflow occurs in the CubeSize calculation within the cmslut.c file because the overflow check is executed after the multiplication operation.

Recommendations Update to a version newer than 2.18.

Exploit

Fix

Integer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-696CWE-190

Related Identifiers

CVE-2026-41254

ECHO-9584-7CF3-54EC

OESA-2026-2128

USN-8209-1

USN-8209-2

Affected Products

Linuxmint

Little Cms

Ubuntu

CVE-2026-41254

Weakness Enumeration

Related Identifiers

Affected Products

References · 28