Skip to main content

CImg Library CVE-2026-42144

| EUVDEUVD-2026-27075 MEDIUM
Integer Overflow or Wraparound (CWE-190)
2026-05-04 security-advisories@github.com
6.1
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
6.1 MEDIUM
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
High

Lifecycle Timeline

5
Patch available
May 04, 2026 - 19:17 EUVD
Source Code Evidence Fetched
May 04, 2026 - 18:30 vuln.today
Analysis Generated
May 04, 2026 - 18:30 vuln.today
Analysis Generated
May 04, 2026 - 18:22 vuln.today
CVE Published
May 04, 2026 - 18:16 nvd
MEDIUM 6.1

DescriptionGitHub Advisory

CImg Library is a C++ library for image processing. Prior to commit 4ca26bc, there is an integer overflow vulnerability in the W*H*D size computation inside _load_pnm() that can bypass the memory allocation guard. A crafted PNM/PGM/PPM file with large dimension values causes the overflow to wrap around, allocating an undersized buffer and potentially triggering a heap buffer overflow. Any application using CImg to load untrusted image files is affected. This issue has been patched via commit 4ca26bc.

AnalysisAI

Integer overflow in CImg Library's _load_pnm() function allows crafted PNM/PGM/PPM image files to bypass memory allocation guards via undersized buffer allocation, potentially triggering heap buffer overflow with local file access and user interaction. CVSS 6.1 (local, user-required interaction). Patch available in commit 4ca26bc and v.3.7.5.

Technical ContextAI

CImg is a C++ image processing library that includes a _load_pnm() function to parse Portable Anymap (PNM) format image files, including PGM (grayscale) and PPM (color) variants. The vulnerability exists in the size validation logic where the product W*H*D (width × height × depth) is computed using standard 32-bit integer arithmetic. When dimensions are sufficiently large, this multiplication overflows, wrapping to a small value and bypassing the guard check (siz threshold). This allows allocation of a drastically undersized buffer relative to the image data that follows, creating a classic heap buffer overflow condition when the PNM parser writes image pixel data. The root cause (CWE-190: Integer Overflow or Wraparound) stems from performing arithmetic on user-controlled values without type promotion to a larger integer type before comparison.

RemediationAI

Upgrade CImg Library to version 3.7.5 or later, which includes commit 4ca26bc that corrects the vulnerability by casting W, H, D multiplication to cimg_int64 before comparison. For applications unable to upgrade immediately, implement input validation at the application layer: reject PNM files with width or height exceeding a reasonable threshold (e.g., 65536 pixels per dimension) before passing to CImg::load(). This workaround trades functionality (very large legitimate images will be rejected) but eliminates the attack surface for maliciously crafted dimensions. Additionally, sanitize image file sources: avoid loading PNM images from untrusted or user-uploaded sources without pre-validation; prefer downloading images over HTTPS from trusted servers and verifying file signatures where possible. For development teams, consider sandboxing image processing tasks in separate processes with restricted memory allocation to limit impact of heap overflows.

Share

CVE-2026-42144 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy