OESA-2026-2325
- Source
- https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2026-2325
- Import Source
- https://repo.openeuler.org/security/data/osv/OESA-2026-2325.json
- JSON Data
- https://api.osv.dev/v1/vulns/OESA-2026-2325
- Upstream
- Published
- 2026-05-15T14:01:55Z
- Modified
- 2026-05-15T14:15:11.896313Z
- Summary
- lcms2 security update
- Details
-
LittleCMS intends to be an OPEN SOURSE small-footprint color management engine,with special focus on accuracy and performence.It uses the International Color Consortium standard (ICC), which is the modern standard when regarding to color management. The ICC specification is widely used and is referred to in many International and other de-facto standards.
Security Fix(es):
Little CMS (lcms2) 2.16 through 2.18 before 2.19 has an integer overflow in ParseCube in cmscgats.c.(CVE-2026-42798)
- Database specific
{ "severity": "Medium" }- References
Affected packages
openEuler:24.03-LTS / lcms2
Package
- Name
- lcms2
- Purl
- pkg:rpm/openEuler/lcms2&distro=openEuler-24.03-LTS
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.16-3.oe2403
Ecosystem specific
{
"x86_64": [
"lcms2-2.16-3.oe2403.x86_64.rpm",
"lcms2-debuginfo-2.16-3.oe2403.x86_64.rpm",
"lcms2-debugsource-2.16-3.oe2403.x86_64.rpm",
"lcms2-devel-2.16-3.oe2403.x86_64.rpm",
"lcms2-utils-2.16-3.oe2403.x86_64.rpm"
],
"src": [
"lcms2-2.16-3.oe2403.src.rpm"
],
"noarch": [
"lcms2-help-2.16-3.oe2403.noarch.rpm"
],
"aarch64": [
"lcms2-2.16-3.oe2403.aarch64.rpm",
"lcms2-debuginfo-2.16-3.oe2403.aarch64.rpm",
"lcms2-debugsource-2.16-3.oe2403.aarch64.rpm",
"lcms2-devel-2.16-3.oe2403.aarch64.rpm",
"lcms2-utils-2.16-3.oe2403.aarch64.rpm"
]
}