Littlecms Little Cms Color Engine
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Littlecms Little Cms Color Engine.
By the Year
In 2026 there have been 2 vulnerabilities in Littlecms Little Cms Color Engine with an average score of 4.0 out of ten. Little Cms Color Engine did not have any published security vulnerabilities last year. That is, 2 more vulnerabilities have already been reported in 2026 as compared to last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 2 | 4.00 |
| 2025 | 0 | 0.00 |
| 2024 | 0 | 0.00 |
| 2023 | 0 | 0.00 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 1 | 5.50 |
It may take a day or so for new Little Cms Color Engine vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Littlecms Little Cms Color Engine Security Vulnerabilities
Integer Overflow in cmscgats.c ParseCube in Little CMS 2.16-2.18
CVE-2026-42798
4 - Medium
- April 30, 2026
Little CMS (lcms2) 2.16 through 2.18 before 2.19 has an integer overflow in ParseCube in cmscgats.c.
Integer Overflow or Wraparound
Little CMS lcms2 <=2.18 Integer Overflow in CubeSize (cmslut.c)
CVE-2026-41254
4 - Medium
- April 18, 2026
Little CMS (lcms2) through 2.18 has an integer overflow in CubeSize in cmslut.c because the overflow check is performed after the multiplication.
Incorrect Behavior Order
Little CMS (aka Little Color Management System) 2.9 has an integer overflow in the AllocateDataSet function in cmscgats.c, leading to a heap-based buffer overflow in the SetData function
CVE-2018-16435
5.5 - Medium
- September 04, 2018
Little CMS (aka Little Color Management System) 2.9 has an integer overflow in the AllocateDataSet function in cmscgats.c, leading to a heap-based buffer overflow in the SetData function via a crafted file in the second argument to cmsIT8LoadFromFile.
Memory Corruption
The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2)
CVE-2016-10165
7.1 - High
- February 03, 2017
The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which triggers an out-of-bounds heap read.
Out-of-bounds Read
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Littlecms Little Cms Color Engine or by Littlecms? Click the Watch button to subscribe.
