| Release | Version |
|---|---|
| bullseye | 2.12~rc1-2 |
| bookworm | 2.14-2 |
| trixie | 2.16-2 |
| forky | 2.17-1 |
| sid | 2.17-1 |
| Bug | bullseye | bookworm | trixie | forky | sid | Description |
|---|---|---|---|---|---|---|
| CVE-2026-41254 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | Little CMS (lcms2) through 2.18 has an integer overflow in CubeSize in ... |
| Bug | bullseye | bookworm | trixie | forky | sid | Description |
|---|---|---|---|---|---|---|
| CVE-2025-29070 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | A heap buffer overflow vulnerability has been identified in thesmooth2 ... |
| Bug | Description |
|---|---|
| CVE-2018-16435 | Little CMS (aka Little Color Management System) 2.9 has an integer ove ... |
| CVE-2016-10165 | The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) all ... |
| CVE-2014-0459 | Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Em ... |
| CVE-2013-7455 | Double free vulnerability in the DefaultICCintents function in cmscnvr ... |
| CVE-2013-4276 | Multiple stack-based buffer overflows in LittleCMS (aka lcms or liblcm ... |
| CVE-2013-4160 | Little CMS (lcms2) before 2.5, as used in OpenJDK 7 and possibly other ... |
| DSA / DLA | Description |
|---|---|
| DLA-1496-1 | lcms2 - security update |
| DSA-4284-1 | lcms2 - security update |
| DSA-3774-1 | lcms2 - security update |
| DLA-803-1 | lcms2 - security update |