CVE-2026-41254

MEDIUM

Little CMS 2.18 - Integer Overflow

Title source: llm

Description

Little CMS (lcms2) through 2.18 has an integer overflow in CubeSize in cmslut.c because the overflow check is performed after the multiplication.

References (5)

Scores

CVSS v3 4.0
EPSS 0.0004
EPSS Percentile 11.0%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L

Details

CWE
CWE-190 CWE-696
Status published
Products (2)
littlecms/little_cms < 2.18
littlecms/little cms color engine < 2.18
Published Apr 18, 2026
Tracked Since Apr 18, 2026