Description

CImg Library is a C++ library for image processing. Prior to commit c3aacf5, the nb_colors field read from the BMP file header is used directly to compute an allocation size without validating it against the remaining file size. A crafted BMP file with a large nb_colors value triggers an out-of-memory condition, crashing any application that uses CImg to load untrusted BMP files. This issue has been patched via commit c3aacf5.

INFO

Published Date :

2026-05-04T17:53:23.830Z

Last Modified :

2026-05-06T13:44:14.581Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-42146 vulnerability.

Vendors Products
Greyclab
  • Cimg
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-42146.

URL Resource
https://github.com/GreycLab/CImg/commit/c3aacf5b96ac1e54b7af1957c6737dbf3949f6d3 cve-icon cve-icon
https://github.com/GreycLab/CImg/issues/477 cve-icon cve-icon cve-icon
https://github.com/GreycLab/CImg/releases/tag/v.3.7.5 cve-icon cve-icon
https://github.com/GreycLab/CImg/security/advisories/GHSA-g54r-qmgx-c6fv cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact