CVE-2026-41254

· NIST NVD ↗

Little CMS (lcms2) through 2.18 has an integer overflow in CubeSize in cmslut.c because the overflow check is performed after the multiplication.

MEDIUM
CVSS severity
4
CVSS base score
2026-04-18
Published

CWE codes

CWE-696CWE-190

Affected products

littlecms:little_cms

Sources