Integer Overflow Vulnerability in CImg Library for Image Processing by GreycLab
CVE-2026-42144

6.1 MEDIUM

Key Information:

Vendor

Greyclab

Status
Vendor
CVE Published: 4 May 2026

What is CVE-2026-42144?

The CImg Library, a C++ library for image manipulation, is affected by an integer overflow in the size computation for PNM/PGM/PPM files. When a crafted image file declares large dimensions, the overflow can lead to the allocation of an undersized buffer, which may subsequently result in a heap buffer overflow. Any application that uses CImg to load untrusted image files is exposed to this risk. The issue was fixed in commit 4ca26bc.
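The bug class described above, as an added example that is not CImg's code or the contents of the fix commit: a size product that wraps beside a checked version that rejects the header before allocating. `PnmHeader`, `naive_size`, `checked_size`, the 32-bit arithmetic and the 256 MiB cap are assumptions made for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <initializer_list>

// Fields of a binary PNM header (constructed struct, not a CImg type).
struct PnmHeader {
    char magic;                          // '5' = PGM (1 channel), '6' = PPM (3 channels)
    std::uint64_t width, height, maxval;
};

// Bug class: the product is formed in 32-bit arithmetic (an assumption for
// illustration) and silently wraps modulo 2^32.
std::uint32_t naive_size(const PnmHeader& h) {
    std::uint32_t ch = (h.magic == '6') ? 3u : 1u;
    std::uint32_t bps = (h.maxval > 255) ? 2u : 1u;
    return static_cast<std::uint32_t>(h.width) *
           static_cast<std::uint32_t>(h.height) * ch * bps;
}

// Hardened: validate the fields, then multiply with a division-based bound
// check so the running product never exceeds max_bytes and so never wraps.
bool checked_size(const PnmHeader& h, std::size_t max_bytes, std::size_t* out) {
    if (h.magic != '5' && h.magic != '6') return false;
    if (h.width == 0 || h.height == 0) return false;
    if (h.maxval == 0 || h.maxval > 65535) return false;  // PNM maxval range
    std::uint64_t ch = (h.magic == '6') ? 3 : 1;
    std::uint64_t bps = (h.maxval > 255) ? 2 : 1;
    std::uint64_t total = 1;
    for (std::uint64_t f : {h.width, h.height, ch, bps}) {
        if (f > max_bytes / total) return false;           // total * f > max_bytes
        total *= f;
    }
    *out = static_cast<std::size_t>(total);
    return true;
}

int main() {
    PnmHeader crafted{'6', 65536, 65537, 255};             // constructed sample header
    std::size_t n = 0;
    std::printf("naive=%u checked_ok=%d\n", naive_size(crafted),
                checked_size(crafted, std::size_t(1) << 28, &n));
}
```

For the constructed header the wrapped product is a small buffer size even though the declared image needs several gigabytes, which is the undersized-allocation condition; the checked version refuses the file instead.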

Affected Version(s)

CImg < 4ca26bce4d8c61fcd1507d5f9401b9fb1222c27d

References

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
