CVE-2026-41254

Summary

Little CMS (lcms2) through 2.18 has an integer overflow in CubeSize in cmslut.c because the overflow check is performed after the multiplication.

Affected Software

VendorProductVersion RangeStatus
littlecmslittle cms color engine0 <= 2.18affected

Weaknesses

  • CWE-696: CWE-696 Incorrect Behavior Order

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References