Bug 2459420 (CVE-2026-41254) - CVE-2026-41254 Little CMS: lcms2: mm2/Little-CMS: Little CMS: Information disclosure or denial of service via integer overflow in CubeSize
Keywords:
Status: NEW
Alias: CVE-2026-41254
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2459627 2459628 2459629 2459630 2459631 2459632 2459633 2459634 2459635 2459636 2459637
Blocks:
Reported: 2026-04-18 07:01 UTC by OSIDB Bzimport
Modified: 2026-04-23 04:40 UTC (History)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:



Description OSIDB Bzimport 2026-04-18 07:01:29 UTC
Little CMS (lcms2) through 2.18 has an integer overflow in CubeSize in cmslut.c because the overflow check is performed after the multiplication.
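The defect class named in the description, as an added illustration that is not the project's own code: a constructed cube-size routine that multiplies first and checks afterwards, beside the same routine with the check moved before the multiply. The dimensions in kOverflowingDims are constructed so that the 32-bit product wraps to a small value that the late check cannot see.

```c
#include <limits.h>
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Defective pattern (constructed, not lcms2 source): the product of the grid
 * dimensions is accumulated in a 32-bit unsigned integer and the overflow
 * check runs only AFTER the multiply, so a product that has already wrapped
 * to a small value passes the check. */
static uint32_t cube_size_check_after(const uint32_t *dims, size_t n)
{
    uint32_t rv = 1;
    for (size_t i = 0; i < n; i++) {
        uint32_t dim = dims[i];
        if (dim == 0) return 0;            /* guard the division below */
        rv *= dim;                         /* may already have wrapped */
        if (rv > UINT_MAX / dim) return 0; /* too late: rv is post-wrap */
    }
    return rv;
}

/* Hardened form: decide whether rv * dim fits in 32 bits BEFORE multiplying.
 * rv > UINT_MAX / dim is exactly the condition rv * dim > UINT_MAX. */
static uint32_t cube_size_check_before(const uint32_t *dims, size_t n)
{
    uint32_t rv = 1;
    for (size_t i = 0; i < n; i++) {
        uint32_t dim = dims[i];
        if (dim == 0) return 0;
        if (rv > UINT_MAX / dim) return 0; /* rv * dim would overflow */
        rv *= dim;
    }
    return rv;
}

/* Constructed dimensions: 255 * 4000 * 4211 = 4,295,220,000 = 2^32 + 252,704,
 * so the 32-bit product wraps to 252,704, far smaller than the real size. */
static const uint32_t kOverflowingDims[3] = { 255u, 4000u, 4211u };
/* Constructed non-overflowing case: 17 * 17 * 17 = 4913. */
static const uint32_t kSmallDims[3] = { 17u, 17u, 17u };

int main(void)
{
    printf("check after multiply:  %u\n", cube_size_check_after(kOverflowingDims, 3));
    printf("check before multiply: %u\n", cube_size_check_before(kOverflowingDims, 3));
    return 0;
}
```

A caller that sizes a table from the wrapped value allocates 252,704 entries and then walks a grid of over four billion, which is the out-of-bounds read or crash the report classifies as information disclosure or denial of service.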

Comment 3 abhinav agarwal 2026-04-23 04:40:12 UTC
This has been rescored by NVD to 7.5 (high). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

https://nvd.nist.gov/vuln/detail/CVE-2026-41254

Writeup with exploit: https://abhinavagarwal07.github.io/posts/lcms2-cubesize-overflow/

