ELA-1709-1 lcms2 security update

integer overflow vulnerability

2026-05-06

An integer overflow issue was discovered in Little CMS.

For Debian 10 buster, these problems have been fixed in version 2.9-3+deb10u1.

For Debian 9 stretch, these problems have been fixed in version 2.8-4+deb9u2.

We recommend that you upgrade your lcms2 packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.