{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-41254", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "state": "PUBLISHED", "assignerShortName": "mitre", "dateReserved": "2026-04-18T06:43:13.323Z", "datePublished": "2026-04-18T06:43:13.741Z", "dateUpdated": "2026-04-18T06:43:42.580Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unknown", "product": "little cms color engine", "vendor": "littlecms", "versions": [{"lessThanOrEqual": "2.18", "status": "affected", "version": "0", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "Little CMS (lcms2) through 2.18 has an integer overflow in CubeSize in cmslut.c because the overflow check is performed after the multiplication."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-696", "description": "CWE-696 Incorrect Behavior Order", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-18T06:43:42.580Z"}, "references": [{"url": "https://github.com/mm2/Little-CMS/commit/da6110b1d14abc394633a388209abd5ebedd7ab0"}, {"url": "https://github.com/mm2/Little-CMS/commit/e0641b1828d0a1af5ecb1b11fe22f24fceefd4bc"}, {"url": "https://www.openwall.com/lists/oss-security/2026/04/17/16"}, {"url": "https://github.com/mm2/Little-CMS/security/advisories/GHSA-4xp6-rcgg-m9qq"}, {"url": "https://abhinavagarwal07.github.io/posts/lcms2-cubesize-overflow/"}], "x_generator": {"engine": "CVE-Request-form 0.0.1"}, "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:littlecms:little_cms_color_engine:*:*:*:*:*:*:*:*", "versionEndIncluding": "2.18"}]}]}]}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Little CMS (lcms2) through 2.18 has an integer overflow in CubeSize in cmslut.c because the overflow check is performed after the multiplication."}], "id": "CVE-2026-41254", "lastModified": "2026-04-18T07:16:10.807", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 4.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 1.4, "impactScore": 2.5, "source": "cve@mitre.org", "type": "Secondary"}]}, "published": "2026-04-18T07:16:10.807", "references": [{"source": "cve@mitre.org", "url": "https://abhinavagarwal07.github.io/posts/lcms2-cubesize-overflow/"}, {"source": "cve@mitre.org", "url": "https://github.com/mm2/Little-CMS/commit/da6110b1d14abc394633a388209abd5ebedd7ab0"}, {"source": "cve@mitre.org", "url": "https://github.com/mm2/Little-CMS/commit/e0641b1828d0a1af5ecb1b11fe22f24fceefd4bc"}, {"source": "cve@mitre.org", "url": "https://github.com/mm2/Little-CMS/security/advisories/GHSA-4xp6-rcgg-m9qq"}, {"source": "cve@mitre.org", "url": "https://www.openwall.com/lists/oss-security/2026/04/17/16"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-696"}], "source": "cve@mitre.org", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,2.18]"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "little cms color engine", "source": "cna", "vendor": "littlecms"}, "product": "little_cms_color_engine", "vendor": "littlecms"}], "analysis": {"en": {"generated_at": "2026-04-18T08:36:46.007981+00:00", "value": {"mitigation_remediation": ["Upgrade to the latest Little CMS release that addresses the CubeSize calculation bug; consult the project\u2019s changelog for the applicable patch.", "If an upgrade is not immediately possible, validate all input parameters that reach the CubeSize routine and enforce bounds checks to prevent excessively large values from being processed.", "Monitor applications that use Little CMS for abnormal crashes or memory errors, and apply additional hardening such as memory protection mechanisms (ASLR, stack canaries) to reduce the impact of potential exploitation."], "summary": {"action": "Assess Impact", "impact": "Memory Corruption"}, "threat_synthesis": {"affected_systems": "The Little CMS Color Engine, specifically all releases up to and including 2.18, is affected. The vulnerability originates from the lcms2 source code and is therefore present in any software that links to this library without an updated version.", "description_and_impact": "Little CMS (lcms2) up to version 2.18 contains an integer overflow in the CubeSize function in cmslut.c, because the overflow check is performed after the multiplication. This defect can cause an incorrectly calculated size value, leading to memory corruption when the library allocates space for lookup tables. The flaw is categorized as CWE-696, which denotes an incorrect order of operations that can result in unexpected behavior or crashes.", "risk_and_exploitability": "The CVSS score of 4.0 indicates a moderate severity. EPSS information is unavailable, and the vulnerability is not listed in CISA's KEV catalog. The attack vector is not explicitly documented, but integer overflows in library components typically require the attacker to supply crafted input\u2014such as image data processed by the affected functions\u2014in order to trigger the overflow. If successfully exploitable, the overflow could lead to a denial\u2011of\u2011service condition or, in vulnerable contexts, arbitrary code execution through secondary memory corruption."}}}}, "created": "2026-04-18T08:45:41.377252+00:00", "updated": "2026-04-18T09:00:05.714060+00:00", "vendors": ["littlecms", "littlecms$PRODUCT$little_cms_color_engine"]}