Alerts This Week
Warning Icon 1 1,213
Alerts This Week
Warning Icon 1 1,213

Ubuntu 26.04 LTS USN 8250-1 lcms2 Critical Denial of Service

ubuntu
Calendar Grey May 7, 2026
Dist Ubuntu Esm H88
Little CMS crash vulnerability in Ubuntu 26.04 and 25.10 requires urgent updates to prevent denial of service.
Little CMS could be made to crash if it opened a specially crafted ICC profile.

Summary

Little CMS could be made to crash if it opened a specially crafted ICC

profile.

Software Description:

- lcms2: Little CMS color management library

Details:

It was discovered that Little CMS incorrectly handled certain malformed ICC

profiles. An attacker could possibly use this issue to cause Little CMS to

crash, resulting in a denial of service.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 26.04 LTS
  liblcms2-2                      2.17-1ubuntu0.2

Ubuntu 25.10
  liblcms2-2                      2.16-2ubuntu0.2

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-8250-1

CVE-2026-42798

Severity
critical
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-8250-1

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here