{"schema_version":"1.7.2","id":"OESA-2026-2327","modified":"2026-05-15T14:01:58Z","published":"2026-05-15T14:01:58Z","upstream":["CVE-2026-42798"],"summary":"lcms2 security update","details":"LittleCMS intends to be an OPEN SOURSE small-footprint color management engine,with special focus on accuracy and performence.It uses the International Color Consortium standard (ICC), which is the modern standard when regarding to color management. The ICC specification is widely used and is referred to in many International and other de-facto standards.\r\n\r\nSecurity Fix(es):\n\nLittle CMS (lcms2) 2.16 through 2.18 before 2.19 has an integer overflow in ParseCube in cmscgats.c.(CVE-2026-42798)","affected":[{"package":{"ecosystem":"openEuler:24.03-LTS-SP3","name":"lcms2","purl":"pkg:rpm/openEuler/lcms2&distro=openEuler-24.03-LTS-SP3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.16-3.oe2403sp3"}]}],"ecosystem_specific":{"aarch64":["lcms2-2.16-3.oe2403sp3.aarch64.rpm","lcms2-debuginfo-2.16-3.oe2403sp3.aarch64.rpm","lcms2-debugsource-2.16-3.oe2403sp3.aarch64.rpm","lcms2-devel-2.16-3.oe2403sp3.aarch64.rpm","lcms2-utils-2.16-3.oe2403sp3.aarch64.rpm"],"noarch":["lcms2-help-2.16-3.oe2403sp3.noarch.rpm"],"src":["lcms2-2.16-3.oe2403sp3.src.rpm"],"x86_64":["lcms2-2.16-3.oe2403sp3.x86_64.rpm","lcms2-debuginfo-2.16-3.oe2403sp3.x86_64.rpm","lcms2-debugsource-2.16-3.oe2403sp3.x86_64.rpm","lcms2-devel-2.16-3.oe2403sp3.x86_64.rpm","lcms2-utils-2.16-3.oe2403sp3.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2327"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42798"}],"database_specific":{"severity":"Medium"}}