{"id":"CVE-2026-42798","details":"Little CMS (lcms2) 2.16 through 2.18 before 2.19 has an integer overflow in ParseCube in cmscgats.c.","modified":"2026-07-15T01:48:54.620865817Z","published":"2026-04-30T06:34:13.323Z","related":["SUSE-SU-2026:22070-1","SUSE-SU-2026:22506-1","openSUSE-SU-2026:21202-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/42xxx/CVE-2026-42798.json","cna_assigner":"mitre","cwe_ids":["CWE-190"]},"references":[{"type":"WEB","url":"https://github.com/mm2/Little-CMS/compare/lcms2.18...lcms2.19"},{"type":"WEB","url":"https://www.openwall.com/lists/oss-security/2026/04/30/8"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/42xxx/CVE-2026-42798.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42798"},{"type":"FIX","url":"https://github.com/mm2/Little-CMS/commit/6a686019825a89b715d16671f18d049523354176"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/mm2/little-cms","events":[{"introduced":"453bafeb85b4ef96498866b7a8eadcc74dff9223"},{"fixed":"b76633e60c8387a77268fb3359277ca25b5fd75c"}],"database_specific":{"source":"AFFECTED_FIELD","extracted_events":[{"introduced":"2.16"},{"fixed":"2.19"}]}}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-42798.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L"}]}