CVE-2026-42146

EUVD-2026-27077
CImg Library is a C++ library for image processing. Prior to commit c3aacf5, the nb_colors field read from the BMP file header is used directly to compute an allocation size without validating it against the remaining file size. A crafted BMP file with a large nb_colors value triggers an out-of-memory condition, crashing any application that uses CImg to load untrusted BMP files. This issue has been patched via commit c3aacf5.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.5 MEDIUM
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 1%
Debian logo
Debian Releases
Debian Product
Codename
cimg
bookworm
no-dsa
bullseye
vulnerable
forky
vulnerable
sid
3.5.2+dfsg-2
fixed
trixie
no-dsa
Common Weakness Enumeration
References
https://github.com/GreycLab/CImg/commit/c3aacf5b96ac1e54b7af1957c6737dbf3949f6d3
https://github.com/GreycLab/CImg/issues/477
https://github.com/GreycLab/CImg/releases/tag/v.3.7.5
https://github.com/GreycLab/CImg/security/advisories/GHSA-g54r-qmgx-c6fv
https://github.com/GreycLab/CImg/issues/477