Alerts This Week
Warning Icon 1 609
Alerts This Week
Warning Icon 1 609

Ubuntu 26.04 LTS USN 8250-1 lcms2 Critical Denial of Service

Calendar May 07, 2026 User Avatar LinuxSecurity Advisories
1 min read
Ubuntu Large Esm H500
Topics%20covered

Topics Covered

security advisory denial of service critical Ubuntu lcms2 malformed icc profile
Little CMS could be made to crash if it opened a specially crafted ICC profile. 
==========================================================================
Ubuntu Security Notice USN-8250-1
May 07, 2026

lcms2 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 26.04 LTS
- Ubuntu 25.10

Summary:

Little CMS could be made to crash if it opened a specially crafted ICC
profile.

Software Description:
- lcms2: Little CMS color management library

Details:

It was discovered that Little CMS incorrectly handled certain malformed ICC
profiles. An attacker could possibly use this issue to cause Little CMS to
crash, resulting in a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 26.04 LTS
  liblcms2-2                      2.17-1ubuntu0.2

Ubuntu 25.10
  liblcms2-2                      2.16-2ubuntu0.2

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-8250-1
  CVE-2026-42798

Package Information:
  https://launchpad.net/ubuntu/+source/lcms2/2.17-1ubuntu0.2
  https://launchpad.net/ubuntu/+source/lcms2/2.16-2ubuntu0.2

Ubuntu 26.04 LTS USN 8250-1 lcms2 Critical Denial of Service

ubuntu
Calendar Grey May 7, 2026
Dist Ubuntu Esm H88
Little CMS crash vulnerability in Ubuntu 26.04 and 25.10 requires urgent updates to prevent denial of service.
Little CMS could be made to crash if it opened a specially crafted ICC profile.

Summary

A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 26.04 LTS - Ubuntu 25.10 Summary: Little CMS could be made to crash if it opened a specially crafted ICC profile. Software Description: - lcms2: Little CMS color management library Details: It was discovered that Little CMS incorrectly handled certain malformed ICC profiles. An attacker could possibly use this issue to cause Little CMS to crash, resulting in a denial of service.

Topics%20covered

Topics Covered

security advisory denial of service critical Ubuntu lcms2 malformed icc profile

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 26.04 LTS liblcms2-2 2.17-1ubuntu0.2 Ubuntu 25.10 liblcms2-2 2.16-2ubuntu0.2 In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-8250-1

CVE-2026-42798

Severity
critical
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-8250-1

Topics%20covered

Topics Covered

security advisory denial of service critical Ubuntu lcms2 malformed icc profile

Package Information

https://launchpad.net/ubuntu/+source/lcms2/2.17-1ubuntu0.2 https://launchpad.net/ubuntu/+source/lcms2/2.16-2ubuntu0.2

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here