Ghostwire

CVE-2026-42798: Little CMS (lcms2) 2.16 through 2.18 before 2.19 has an integer overflow in ParseCube in cmscgats.c.

MEDIUM CVSS 4.0 Exploit Available

Published: April 30, 2026 | Last Modified: April 30, 2026

Description

Little CMS (lcms2) 2.16 through 2.18 before 2.19 has an integer overflow in ParseCube in cmscgats.c.

Ghostwire Analysis — What This Means Practically

Medium CVSS score indicates moderate risk — exploitation requires specific conditions or results in limited impact.
Exploit code is reported to be available, increasing the likelihood of active exploitation.

This analysis is generated by Ghostwire from NVD, CISA KEV, EPSS, and open-source intelligence data. Verify findings through primary sources before acting.

References

github.com/mm2/Little-CMS/commit/6a686019825a89b715d16671f18d049523354176
github.com/mm2/Little-CMS/compare/lcms2.18...lcms2.19
www.openwall.com/lists/oss-security/2026/04/30/8
www.tenable.com/cve/CVE-2026-42798
www.cnnvd.org.cn/home/globalSearch?keyword=CVE-2026-42798