7.5
CVE-2026-41254
- EPSS 0.37%
- Veröffentlicht 18.04.2026 06:43:13
- Zuletzt bearbeitet 07.05.2026 18:16:19
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Little CMS (lcms2) through 2.18 has an integer overflow in CubeSize in cmslut.c because the overflow check is performed after the multiplication.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Littlecms ≫ Little Cms Version <= 2.18
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.37% | 0.281 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
| cve@mitre.org | 4 | 1.4 | 2.5 |
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L
|
CWE-190 Integer Overflow or Wraparound
The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.
CWE-696 Incorrect Behavior Order
The product performs multiple related behaviors, but the behaviors are performed in the wrong order in ways that may produce resultant weaknesses.
https://github.com/mm2/Little-CMS/commit/da6110b1d14abc394633a388209abd5ebedd7ab0
https://github.com/mm2/Little-CMS/commit/e0641b1828d0a1af5ecb1b11fe22f24fceefd4bc
https://www.openwall.com/lists/oss-security/2026/04/17/16
https://github.com/mm2/Little-CMS/security/advisories/GHSA-4xp6-rcgg-m9qq
https://abhinavagarwal07.github.io/posts/lcms2-cubesize-overflow/
https://lists.debian.org/debian-lts-announce/2026/05/msg00014.html