OESA-2026-2128
- Source
- https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2026-2128
- Import Source
- https://repo.openeuler.org/security/data/osv/OESA-2026-2128.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/OESA-2026-2128
- Upstream
- Published
- 2026-05-03T09:55:33Z
- Modified
- 2026-05-03T10:19:59.475924Z
- Summary
- lcms2 security update
- Details
-
LittleCMS intends to be an OPEN SOURSE small-footprint color management engine,with special focus on accuracy and performence.It uses the International Color Consortium standard (ICC), which is the modern standard when regarding to color management. The ICC specification is widely used and is referred to in many International and other de-facto standards.
Security Fix(es):
Little CMS (lcms2) through 2.18 has an integer overflow in CubeSize in cmslut.c because the overflow check is performed after the multiplication.(CVE-2026-41254)
- Database specific
{ "severity": "High" }- References
Affected packages
openEuler:20.03-LTS-SP4
lcms2
Package
- Name
- lcms2
- Purl
- pkg:rpm/openEuler/lcms2&distro=openEuler-20.03-LTS-SP4
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.11-2.oe2003sp4
Ecosystem specific
{
"x86_64": [
"lcms2-2.11-2.oe2003sp4.x86_64.rpm",
"lcms2-debuginfo-2.11-2.oe2003sp4.x86_64.rpm",
"lcms2-debugsource-2.11-2.oe2003sp4.x86_64.rpm",
"lcms2-devel-2.11-2.oe2003sp4.x86_64.rpm",
"lcms2-utils-2.11-2.oe2003sp4.x86_64.rpm"
],
"aarch64": [
"lcms2-2.11-2.oe2003sp4.aarch64.rpm",
"lcms2-debuginfo-2.11-2.oe2003sp4.aarch64.rpm",
"lcms2-debugsource-2.11-2.oe2003sp4.aarch64.rpm",
"lcms2-devel-2.11-2.oe2003sp4.aarch64.rpm",
"lcms2-utils-2.11-2.oe2003sp4.aarch64.rpm"
],
"noarch": [
"lcms2-help-2.11-2.oe2003sp4.noarch.rpm"
],
"src": [
"lcms2-2.11-2.oe2003sp4.src.rpm"
]
}openEuler:22.03-LTS-SP4
lcms2
Package
- Name
- lcms2
- Purl
- pkg:rpm/openEuler/lcms2&distro=openEuler-22.03-LTS-SP4
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.13.1-3.oe2203sp4
Ecosystem specific
{
"x86_64": [
"lcms2-2.13.1-3.oe2203sp4.x86_64.rpm",
"lcms2-debuginfo-2.13.1-3.oe2203sp4.x86_64.rpm",
"lcms2-debugsource-2.13.1-3.oe2203sp4.x86_64.rpm",
"lcms2-devel-2.13.1-3.oe2203sp4.x86_64.rpm",
"lcms2-utils-2.13.1-3.oe2203sp4.x86_64.rpm"
],
"aarch64": [
"lcms2-2.13.1-3.oe2203sp4.aarch64.rpm",
"lcms2-debuginfo-2.13.1-3.oe2203sp4.aarch64.rpm",
"lcms2-debugsource-2.13.1-3.oe2203sp4.aarch64.rpm",
"lcms2-devel-2.13.1-3.oe2203sp4.aarch64.rpm",
"lcms2-utils-2.13.1-3.oe2203sp4.aarch64.rpm"
],
"noarch": [
"lcms2-help-2.13.1-3.oe2203sp4.noarch.rpm"
],
"src": [
"lcms2-2.13.1-3.oe2203sp4.src.rpm"
]
}openEuler:24.03-LTS
lcms2
Package
- Name
- lcms2
- Purl
- pkg:rpm/openEuler/lcms2&distro=openEuler-24.03-LTS
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.16-2.oe2403sp3
Ecosystem specific
{
"x86_64": [
"lcms2-2.16-2.oe2403.x86_64.rpm",
"lcms2-debuginfo-2.16-2.oe2403.x86_64.rpm",
"lcms2-debugsource-2.16-2.oe2403.x86_64.rpm",
"lcms2-devel-2.16-2.oe2403.x86_64.rpm",
"lcms2-utils-2.16-2.oe2403.x86_64.rpm",
"lcms2-2.16-2.oe2403sp1.x86_64.rpm",
"lcms2-debuginfo-2.16-2.oe2403sp1.x86_64.rpm",
"lcms2-debugsource-2.16-2.oe2403sp1.x86_64.rpm",
"lcms2-devel-2.16-2.oe2403sp1.x86_64.rpm",
"lcms2-utils-2.16-2.oe2403sp1.x86_64.rpm",
"lcms2-2.16-2.oe2403sp3.x86_64.rpm",
"lcms2-debuginfo-2.16-2.oe2403sp3.x86_64.rpm",
"lcms2-debugsource-2.16-2.oe2403sp3.x86_64.rpm",
"lcms2-devel-2.16-2.oe2403sp3.x86_64.rpm",
"lcms2-utils-2.16-2.oe2403sp3.x86_64.rpm"
],
"aarch64": [
"lcms2-2.16-2.oe2403.aarch64.rpm",
"lcms2-debuginfo-2.16-2.oe2403.aarch64.rpm",
"lcms2-debugsource-2.16-2.oe2403.aarch64.rpm",
"lcms2-devel-2.16-2.oe2403.aarch64.rpm",
"lcms2-utils-2.16-2.oe2403.aarch64.rpm",
"lcms2-2.16-2.oe2403sp1.aarch64.rpm",
"lcms2-debuginfo-2.16-2.oe2403sp1.aarch64.rpm",
"lcms2-debugsource-2.16-2.oe2403sp1.aarch64.rpm",
"lcms2-devel-2.16-2.oe2403sp1.aarch64.rpm",
"lcms2-utils-2.16-2.oe2403sp1.aarch64.rpm",
"lcms2-2.16-2.oe2403sp3.aarch64.rpm",
"lcms2-debuginfo-2.16-2.oe2403sp3.aarch64.rpm",
"lcms2-debugsource-2.16-2.oe2403sp3.aarch64.rpm",
"lcms2-devel-2.16-2.oe2403sp3.aarch64.rpm",
"lcms2-utils-2.16-2.oe2403sp3.aarch64.rpm"
],
"noarch": [
"lcms2-help-2.16-2.oe2403.noarch.rpm",
"lcms2-help-2.16-2.oe2403sp1.noarch.rpm",
"lcms2-help-2.16-2.oe2403sp3.noarch.rpm"
],
"src": [
"lcms2-2.16-2.oe2403.src.rpm",
"lcms2-2.16-2.oe2403sp1.src.rpm",
"lcms2-2.16-2.oe2403sp3.src.rpm"
]
}openEuler:24.03-LTS-SP1
lcms2
Package
- Name
- lcms2
- Purl
- pkg:rpm/openEuler/lcms2&distro=openEuler-24.03-LTS-SP1
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.16-2.oe2403sp1
Ecosystem specific
{
"x86_64": [
"lcms2-2.16-2.oe2403sp1.x86_64.rpm",
"lcms2-debuginfo-2.16-2.oe2403sp1.x86_64.rpm",
"lcms2-debugsource-2.16-2.oe2403sp1.x86_64.rpm",
"lcms2-devel-2.16-2.oe2403sp1.x86_64.rpm",
"lcms2-utils-2.16-2.oe2403sp1.x86_64.rpm"
],
"aarch64": [
"lcms2-2.16-2.oe2403sp1.aarch64.rpm",
"lcms2-debuginfo-2.16-2.oe2403sp1.aarch64.rpm",
"lcms2-debugsource-2.16-2.oe2403sp1.aarch64.rpm",
"lcms2-devel-2.16-2.oe2403sp1.aarch64.rpm",
"lcms2-utils-2.16-2.oe2403sp1.aarch64.rpm"
],
"noarch": [
"lcms2-help-2.16-2.oe2403sp1.noarch.rpm"
],
"src": [
"lcms2-2.16-2.oe2403sp1.src.rpm"
]
}openEuler:24.03-LTS-SP3
lcms2
Package
- Name
- lcms2
- Purl
- pkg:rpm/openEuler/lcms2&distro=openEuler-24.03-LTS-SP3
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.16-2.oe2403sp3
Ecosystem specific
{
"x86_64": [
"lcms2-2.16-2.oe2403sp3.x86_64.rpm",
"lcms2-debuginfo-2.16-2.oe2403sp3.x86_64.rpm",
"lcms2-debugsource-2.16-2.oe2403sp3.x86_64.rpm",
"lcms2-devel-2.16-2.oe2403sp3.x86_64.rpm",
"lcms2-utils-2.16-2.oe2403sp3.x86_64.rpm"
],
"aarch64": [
"lcms2-2.16-2.oe2403sp3.aarch64.rpm",
"lcms2-debuginfo-2.16-2.oe2403sp3.aarch64.rpm",
"lcms2-debugsource-2.16-2.oe2403sp3.aarch64.rpm",
"lcms2-devel-2.16-2.oe2403sp3.aarch64.rpm",
"lcms2-utils-2.16-2.oe2403sp3.aarch64.rpm"
],
"noarch": [
"lcms2-help-2.16-2.oe2403sp3.noarch.rpm"
],
"src": [
"lcms2-2.16-2.oe2403sp3.src.rpm"
]
}