Amazon Linux 2023 : lcms2, lcms2-devel, lcms2-utils (ALAS2023-2026-1657)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1657 advisory. Little CMS lcms2 through 2.18 has an integer overflow in CubeSize in cmslut.c because the overflow check is performed after the multiplication. CVE-2026-41254 Little CMS lcms2 2.16 through 2.1...