An update for lcms2 is now available for openEuler-22.03-LTS-SP4,openEuler-24.03-LTS,openEuler-24.03-LTS-SP1,openEuler-24.03-LTS-SP3,openEuler-20.03-LTS-SP4 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2026-2128 Final 1.0 1.0 2026-05-03 Initial 2026-05-03 2026-05-03 openEuler SA Tool V1.0 2026-05-03 lcms2 security update An update for lcms2 is now available for openEuler-22.03-LTS-SP4,openEuler-24.03-LTS,openEuler-24.03-LTS-SP1,openEuler-24.03-LTS-SP3,openEuler-20.03-LTS-SP4 LittleCMS intends to be an OPEN SOURSE small-footprint color management engine,with special focus on accuracy and performence.It uses the International Color Consortium standard (ICC), which is the modern standard when regarding to color management. The ICC specification is widely used and is referred to in many International and other de-facto standards. Security Fix(es): Little CMS (lcms2) through 2.18 has an integer overflow in CubeSize in cmslut.c because the overflow check is performed after the multiplication.(CVE-2026-41254) An update for lcms2 is now available for openEuler-22.03-LTS-SP4,openEuler-24.03-LTS,openEuler-24.03-LTS-SP1,openEuler-24.03-LTS-SP3,openEuler-20.03-LTS-SP4. openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. High lcms2 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2128 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-41254 https://nvd.nist.gov/vuln/detail/CVE-2026-41254 openEuler-22.03-LTS-SP4 openEuler-24.03-LTS openEuler-24.03-LTS-SP1 openEuler-24.03-LTS-SP3 openEuler-20.03-LTS-SP4 lcms2-help-2.13.1-3.oe2203sp4.noarch.rpm lcms2-help-2.16-2.oe2403.noarch.rpm lcms2-help-2.16-2.oe2403sp1.noarch.rpm lcms2-help-2.16-2.oe2403sp3.noarch.rpm lcms2-help-2.11-2.oe2003sp4.noarch.rpm lcms2-2.13.1-3.oe2203sp4.aarch64.rpm lcms2-debuginfo-2.13.1-3.oe2203sp4.aarch64.rpm lcms2-debugsource-2.13.1-3.oe2203sp4.aarch64.rpm lcms2-devel-2.13.1-3.oe2203sp4.aarch64.rpm lcms2-utils-2.13.1-3.oe2203sp4.aarch64.rpm lcms2-2.16-2.oe2403.aarch64.rpm lcms2-debuginfo-2.16-2.oe2403.aarch64.rpm lcms2-debugsource-2.16-2.oe2403.aarch64.rpm lcms2-devel-2.16-2.oe2403.aarch64.rpm lcms2-utils-2.16-2.oe2403.aarch64.rpm lcms2-2.16-2.oe2403sp1.aarch64.rpm lcms2-debuginfo-2.16-2.oe2403sp1.aarch64.rpm lcms2-debugsource-2.16-2.oe2403sp1.aarch64.rpm lcms2-devel-2.16-2.oe2403sp1.aarch64.rpm lcms2-utils-2.16-2.oe2403sp1.aarch64.rpm lcms2-2.16-2.oe2403sp3.aarch64.rpm lcms2-debuginfo-2.16-2.oe2403sp3.aarch64.rpm lcms2-debugsource-2.16-2.oe2403sp3.aarch64.rpm lcms2-devel-2.16-2.oe2403sp3.aarch64.rpm lcms2-utils-2.16-2.oe2403sp3.aarch64.rpm lcms2-2.11-2.oe2003sp4.aarch64.rpm lcms2-debuginfo-2.11-2.oe2003sp4.aarch64.rpm lcms2-debugsource-2.11-2.oe2003sp4.aarch64.rpm lcms2-devel-2.11-2.oe2003sp4.aarch64.rpm lcms2-utils-2.11-2.oe2003sp4.aarch64.rpm lcms2-2.13.1-3.oe2203sp4.src.rpm lcms2-2.16-2.oe2403.src.rpm lcms2-2.16-2.oe2403sp1.src.rpm lcms2-2.16-2.oe2403sp3.src.rpm lcms2-2.11-2.oe2003sp4.src.rpm lcms2-2.13.1-3.oe2203sp4.x86_64.rpm lcms2-debuginfo-2.13.1-3.oe2203sp4.x86_64.rpm lcms2-debugsource-2.13.1-3.oe2203sp4.x86_64.rpm lcms2-devel-2.13.1-3.oe2203sp4.x86_64.rpm lcms2-utils-2.13.1-3.oe2203sp4.x86_64.rpm lcms2-2.16-2.oe2403.x86_64.rpm lcms2-debuginfo-2.16-2.oe2403.x86_64.rpm lcms2-debugsource-2.16-2.oe2403.x86_64.rpm lcms2-devel-2.16-2.oe2403.x86_64.rpm lcms2-utils-2.16-2.oe2403.x86_64.rpm lcms2-2.16-2.oe2403sp1.x86_64.rpm lcms2-debuginfo-2.16-2.oe2403sp1.x86_64.rpm lcms2-debugsource-2.16-2.oe2403sp1.x86_64.rpm lcms2-devel-2.16-2.oe2403sp1.x86_64.rpm lcms2-utils-2.16-2.oe2403sp1.x86_64.rpm lcms2-2.16-2.oe2403sp3.x86_64.rpm lcms2-debuginfo-2.16-2.oe2403sp3.x86_64.rpm lcms2-debugsource-2.16-2.oe2403sp3.x86_64.rpm lcms2-devel-2.16-2.oe2403sp3.x86_64.rpm lcms2-utils-2.16-2.oe2403sp3.x86_64.rpm lcms2-2.11-2.oe2003sp4.x86_64.rpm lcms2-debuginfo-2.11-2.oe2003sp4.x86_64.rpm lcms2-debugsource-2.11-2.oe2003sp4.x86_64.rpm lcms2-devel-2.11-2.oe2003sp4.x86_64.rpm lcms2-utils-2.11-2.oe2003sp4.x86_64.rpm Little CMS (lcms2) through 2.18 has an integer overflow in CubeSize in cmslut.c because the overflow check is performed after the multiplication. 2026-05-03 CVE-2026-41254 openEuler-22.03-LTS-SP4 openEuler-24.03-LTS openEuler-24.03-LTS-SP1 openEuler-24.03-LTS-SP3 openEuler-20.03-LTS-SP4 High 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H lcms2 security update 2026-05-03 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2128