Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H
Lifecycle Timeline
5DescriptionGitHub Advisory
CImg Library is a C++ library for image processing. Prior to commit 4ca26bc, there is an integer overflow vulnerability in the W*H*D size computation inside _load_pnm() that can bypass the memory allocation guard. A crafted PNM/PGM/PPM file with large dimension values causes the overflow to wrap around, allocating an undersized buffer and potentially triggering a heap buffer overflow. Any application using CImg to load untrusted image files is affected. This issue has been patched via commit 4ca26bc.
AnalysisAI
Integer overflow in CImg Library's _load_pnm() function allows crafted PNM/PGM/PPM image files to bypass memory allocation guards via undersized buffer allocation, potentially triggering heap buffer overflow with local file access and user interaction. CVSS 6.1 (local, user-required interaction). Patch available in commit 4ca26bc and v.3.7.5.
Technical ContextAI
CImg is a C++ image processing library that includes a _load_pnm() function to parse Portable Anymap (PNM) format image files, including PGM (grayscale) and PPM (color) variants. The vulnerability exists in the size validation logic where the product W*H*D (width × height × depth) is computed using standard 32-bit integer arithmetic. When dimensions are sufficiently large, this multiplication overflows, wrapping to a small value and bypassing the guard check (siz threshold). This allows allocation of a drastically undersized buffer relative to the image data that follows, creating a classic heap buffer overflow condition when the PNM parser writes image pixel data. The root cause (CWE-190: Integer Overflow or Wraparound) stems from performing arithmetic on user-controlled values without type promotion to a larger integer type before comparison.
RemediationAI
Upgrade CImg Library to version 3.7.5 or later, which includes commit 4ca26bc that corrects the vulnerability by casting W, H, D multiplication to cimg_int64 before comparison. For applications unable to upgrade immediately, implement input validation at the application layer: reject PNM files with width or height exceeding a reasonable threshold (e.g., 65536 pixels per dimension) before passing to CImg::load(). This workaround trades functionality (very large legitimate images will be rejected) but eliminates the attack surface for maliciously crafted dimensions. Additionally, sanitize image file sources: avoid loading PNM images from untrusted or user-uploaded sources without pre-validation; prefer downloading images over HTTPS from trusted servers and verifying file signatures where possible. For development teams, consider sandboxing image processing tasks in separate processes with restricted memory allocation to limit impact of heap overflows.
Same weakness CWE-190 – Integer Overflow or Wraparound
View allSame technique Integer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-27075