CVE-2026-42798 MEDIUM

Vendor Littlecms
Product little cms color engine
Weakness CWE-190
Published April 30, 2026
Last update April 30, 2026

CVSS base score

4.0/10
Attack vector Local
Attack complexity High
Privileges required None
User interaction None
Confidentiality Low
Integrity None
Availability Low

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L

What the vulnerability does

01 Description

Little CMS (lcms2) 2.16 through 2.18 before 2.19 has an integer overflow in ParseCube in cmscgats.c.

Key dates

02 Disclosure timeline

April 30, 2026 CVE published
April 30, 2026 Record updated