What is the CVSS score of CVE-2026-42798?

CVE-2026-42798 has a CVSS 3.1 base score of 4.0 (Medium). CVSS vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L. EPSS exploitation probability: 0.0%.

Is there a patch available for CVE-2026-42798?

Yes, a patch is available for CVE-2026-42798. Update the affected software to the latest version immediately.

Little CMS (lcms2) CVE-2026-42798

EUVD-2026-26351 MEDIUM

Integer Overflow or Wraparound (CWE-190)

2026-04-30 mitre

Buffer Overflow Integer Overflow Suse

4.0

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L

Attack Vector

Local

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

Low

Lifecycle Timeline

Patch released

Apr 30, 2026 - 15:48 nvd

Patch available

Apr 30, 2026 - 09:01 EUVD

Source Code Evidence Fetched

Apr 30, 2026 - 07:45 vuln.today

Analysis Generated

Apr 30, 2026 - 07:45 vuln.today

EUVD ID Assigned

Apr 30, 2026 - 07:15 euvd

EUVD-2026-26351

Analysis Generated

Apr 30, 2026 - 07:15 vuln.today

CVE Published

Apr 30, 2026 - 06:34 nvd

MEDIUM 4.0

DescriptionNVD

Little CMS (lcms2) 2.16 through 2.18 before 2.19 has an integer overflow in ParseCube in cmscgats.c.

AnalysisAI

Integer overflow in Little CMS color engine versions 2.16 through 2.18 allows local attackers to trigger integer overflow in the ParseCube function when processing specially crafted color lookup table (LUT) input files, potentially resulting in buffer overflow and denial of service or information disclosure. The vulnerability affects the CGATS parser used for loading ICC color profiles and LUT data. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory