Amazon Linux 2023 : lcms2, lcms2-devel, lcms2-utils (ALAS2023-2026-1657)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1657 advisory. Little CMS lcms2 through 2.18 has an integer overflow in CubeSize in cmslut.c because the overflow check is performed after the multiplication. CVE-2026-41254 Tenable has extracted the preceding...

OESA-2026-2128 lcms2 security update

LittleCMS intends to be an OPEN SOURSE small-footprint color management engine,with special focus on accuracy and performence.It uses the International Color Consortium standard ICC, which is the modern standard when regarding to color management. The ICC specification is widely used and is...

Integer Overflow or Wraparound

Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound due to improper validation in the CubeSize function in cmslut.c. An attacker can cause an integer overflow by providing crafted input that triggers the multiplication before the overflow check, potentially...

ALPINE-CVE-2026-41254

Little CMS lcms2 through 2.18 has an integer overflow in CubeSize in cmslut.c because the overflow check is performed after the multiplication...

EUVD-2026-23668

Little CMS lcms2 through 2.18 has an integer overflow in CubeSize in cmslut.c because the overflow check is performed after the multiplication...

CVE-2026-41254

Little CMS (lcms2) up to version 2.18 contains an integer overflow in CubeSize within cmslut.c because the overflow check is performed after the multiplication. This is documented across multiple sources (NVD/NIST, CVE-2026-41254; Ubuntu USN-8209-1; Alpine/FreeBSD/Debian advisories). Ubuntu advis...

CVE-2026-41254

Little CMS lcms2 through 2.18 has an integer overflow in CubeSize in cmslut.c because the overflow check is performed after the multiplication...

CVE-2026-41254

Little CMS lcms2 through 2.18 has an integer overflow in CubeSize in cmslut.c because the overflow check is performed after the multiplication...

CVE-2026-41254

Little CMS lcms2 through 2.18 has an integer overflow in CubeSize in cmslut.c because the overflow check is performed after the multiplication...

PT-2026-33596

Name of the Vulnerable Software and Affected Versions Little CMS lcms2 versions prior to 2.19 Description An integer overflow occurs in the CubeSize calculation within the cmslut.c file because the overflow check is executed after the multiplication operation. Recommendations Update to a version...

CVE-2018-11556

tificc in Little CMS 2.9 has an out-of-bounds write in the cmsPipelineCheckAndRetreiveStages function in cmslut.c in liblcms2.a via a crafted TIFF file. NOTE: Little CMS developers do consider this a vulnerability because the issue is based on an sample program using LIBTIFF and do not apply to t...

PT-2018-10664 · Little Cms +1 · Little Cms +1

Name of the Vulnerable Software and Affected Versions: Little CMS version 2.9 Description: The issue is related to an out-of-bounds write in the cmsPipelineCheckAndRetreiveStages function in cmslut.c in liblcms2.a, which can be triggered via a crafted TIFF file. However, the Little CMS developers...