CVE-2026-41254 MEDIUM

CVE-2026-41254

Vendor Littlecms
Product little cms color engine
Weakness CWE-696
Published April 18, 2026
Last update May 7, 2026

CVSS base score

4.0/10
Attack vector Local
Attack complexity High
Privileges required None
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L

What the vulnerability does

01Description

Little CMS (lcms2) through 2.18 has an integer overflow in CubeSize in cmslut.c because the overflow check is performed after the multiplication.

Key dates

02Disclosure timeline

April 18, 2026 CVE published
May 7, 2026 Record updated