TROYANOSYVIRUS
Zuruck zu CVEs

CVE-2026-41254

MEDIUM
4.0

Beschreibung

Little CMS (lcms2) through 2.18 has an integer overflow in CubeSize in cmslut.c because the overflow check is performed after the multiplication.

CVE Details

CVSS v3.1 Bewertung4.0
SchweregradMEDIUM
CVSS VektorCVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L
AngriffsvektorLOCAL
KomplexitatHIGH
Erforderliche PrivilegienNONE
BenutzerinteraktionNONE
Veroffentlicht4/18/2026
Zuletzt geandert4/22/2026
Quellenvd
Honeypot-Sichtungen0

Betroffene Produkte

littlecms:little_cms

Schwachen (CWE)

CWE-696CWE-190

Referenzen

https://abhinavagarwal07.github.io/posts/lcms2-cubesize-overflow/(cve@mitre.org)
https://github.com/mm2/Little-CMS/commit/da6110b1d14abc394633a388209abd5ebedd7ab0(cve@mitre.org)
https://github.com/mm2/Little-CMS/commit/e0641b1828d0a1af5ecb1b11fe22f24fceefd4bc(cve@mitre.org)
https://github.com/mm2/Little-CMS/security/advisories/GHSA-4xp6-rcgg-m9qq(cve@mitre.org)
https://www.openwall.com/lists/oss-security/2026/04/17/16(cve@mitre.org)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.