Skip site navigation (1)Skip section navigation (2)
Date:      Sun, 26 Apr 2026 10:04:21 +0000
From:      Daniel Engberg <diizzy@FreeBSD.org>
To:        ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
Subject:   git: 5e13c27cbe1a - main - security/vuxml: Add entry for lcms2 CVE-2026-41254
Message-ID:  <69ede325.3a6f8.39246926@gitrepo.freebsd.org>

index | next in thread | raw e-mail

The branch main has been updated by diizzy:

URL: https://cgit.FreeBSD.org/ports/commit/?id=5e13c27cbe1ab326622afa1bb7790faa9ba41eec

commit 5e13c27cbe1ab326622afa1bb7790faa9ba41eec
Author:     Daniel Engberg <diizzy@FreeBSD.org>
AuthorDate: 2026-04-26 09:56:23 +0000
Commit:     Daniel Engberg <diizzy@FreeBSD.org>
CommitDate: 2026-04-26 09:57:38 +0000

    security/vuxml: Add entry for lcms2 CVE-2026-41254
    
    Integer overflow
---
 security/vuxml/vuln/2026.xml | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)

diff --git a/security/vuxml/vuln/2026.xml b/security/vuxml/vuln/2026.xml
index b915de9d6315..4950e3d065f5 100644
--- a/security/vuxml/vuln/2026.xml
+++ b/security/vuxml/vuln/2026.xml
@@ -1,3 +1,31 @@
+  <vuln vid="ca62e49c-4150-11f1-95f7-00a098b42aeb">
+    <topic>lcms2 -- Integer overflow</topic>
+    <affects>
+    <package>
+	<name>lcms2</name>
+	<range><lt>2.19</lt></range>
+    </package>
+    </affects>
+    <description>
+	<body xmlns="http://www.w3.org/1999/xhtml">;
+	<p>https://github.com/mm2/Little-CMS/commit/da6110b1d14abc394633a388209abd5ebedd7ab0 reports:</p>
+	<blockquote cite="https://github.com/mm2/Little-CMS/commit/da6110b1d14abc394633a388209abd5ebedd7ab0">;
+	  <p>Little CMS (lcms2) through 2.18 has an integer overflow in
+	  CubeSize in cmslut.c because the overflow check is performed after
+	  the multiplication.</p>
+	</blockquote>
+	</body>
+    </description>
+    <references>
+      <cvename>CVE-2026-41254</cvename>
+      <url>https://cveawg.mitre.org/api/cve/CVE-2026-41254</url>;
+    </references>
+    <dates>
+      <discovery>2026-04-18</discovery>
+      <entry>2026-04-26</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="73b927a6-3ecd-11f1-be20-2cf05da270f3">
     <topic>Gitlab -- vulnerabilities</topic>
     <affects>


home | help

Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?69ede325.3a6f8.39246926>