This update for lcms2 fixes the following issues
- CVE-2026-41254: integer overflow in CubeSize in cmslut.c (bsc#1264994).
- CVE-2026-42798: integer overflow in ParseCube in cmscgats.c (bsc#1263703).
Patch instructions:
To install this openSUSE security update use the suse recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 16.0
zypper in -t patch openSUSE-Leap-16.0-1125=1
- openSUSE Leap 16.0:
lcms2-2.16-160000.4.1
liblcms2-2-2.16-160000.4.1
liblcms2-devel-2.16-160000.4.1
liblcms2-doc-2.16-160000.4.1
* bsc#1263703
* bsc#1264994
References:
* https://www.suse.com/security/cve/CVE-2026-41254.html
* https://www.suse.com/security/cve/CVE-2026-42798.html
Get the latest Linux and open source security news straight to your inbox.