FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

lcms2 -- Integer overflow

Affected packages
lcms2 < 2.19

Details

VuXML ID ca62e49c-4150-11f1-95f7-00a098b42aeb
Discovery 2026-04-18
Entry 2026-04-26

https://github.com/mm2/Little-CMS/commit/da6110b1d14abc394633a388209abd5ebedd7ab0 reports:

Little CMS (lcms2) through 2.18 has an integer overflow in CubeSize in cmslut.c because the overflow check is performed after the multiplication.

[source]

References

CVE Name CVE-2026-41254
URL https://cveawg.mitre.org/api/cve/CVE-2026-41254

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.