Out-of-Memory Condition in CImg Library Affects Image Processing Applications
CVE-2026-42146

5.5 MEDIUM

Key Information:

Vendor: Greyclab

Status
Vendor
CVE Published: 4 May 2026

What is CVE-2026-42146?

The CImg Library, used for image processing, is susceptible to an out-of-memory condition when reading BMP files with a manipulated nb_colors value. Prior to commit c3aacf5, the library did not validate the nb_colors field against the file size, so processing an untrusted BMP file could crash the application. The issue has been addressed in updates that improve the handling of BMP files.
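
A pre-decode check of the kind the description implies, as an added example (not CImg's code and not the patch in c3aacf5): it bounds the declared palette count by the bit depth and by the real buffer length before anything is allocated from it. The names `check_bmp_palette` and `make_bmp` are hypothetical, and the offsets assume the standard 40-byte BITMAPINFOHEADER layout with 4-byte palette entries.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

enum class BmpCheck { Ok, TooShort, NotBmp, UnsupportedHeader,
                      PaletteTooLarge, PaletteExceedsFile };

// Little-endian readers for BMP header fields.
static uint32_t rd32(const uint8_t* p) {
  return uint32_t(p[0]) | uint32_t(p[1]) << 8 | uint32_t(p[2]) << 16 | uint32_t(p[3]) << 24;
}
static uint16_t rd16(const uint8_t* p) { return uint16_t(p[0] | p[1] << 8); }

// Validate the declared palette size against the real buffer length
// before any allocation is sized from it.
BmpCheck check_bmp_palette(const uint8_t* d, size_t len) {
  if (len < 54) return BmpCheck::TooShort;               // 14-byte file header + 40-byte info header
  if (d[0] != 'B' || d[1] != 'M') return BmpCheck::NotBmp;
  const uint32_t dib_size = rd32(d + 14);
  if (dib_size < 40) return BmpCheck::UnsupportedHeader; // older 12-byte header: out of scope here
  const uint16_t bpp = rd16(d + 28);
  uint64_t nb_colors = rd32(d + 46);                     // "colors used" field (offset 0x2E)
  if (bpp >= 16) return BmpCheck::Ok;                    // no palette to check at these depths
  const uint64_t max_colors = uint64_t(1) << bpp;        // format limit for a paletted image
  if (nb_colors == 0) nb_colors = max_colors;            // 0 means "full palette"
  if (nb_colors > max_colors) return BmpCheck::PaletteTooLarge;
  const uint64_t palette_end = 14 + uint64_t(dib_size) + 4 * nb_colors;
  if (palette_end > len) return BmpCheck::PaletteExceedsFile;
  return BmpCheck::Ok;
}

// Constructed sample: header-only BMP buffer of total_len bytes (total_len >= 54).
std::vector<uint8_t> make_bmp(uint16_t bpp, uint32_t nb_colors, size_t total_len) {
  std::vector<uint8_t> b(total_len, 0);
  b[0] = 'B'; b[1] = 'M';
  b[14] = 40;                                            // BITMAPINFOHEADER size
  b[28] = uint8_t(bpp); b[29] = uint8_t(bpp >> 8);
  for (int i = 0; i < 4; ++i) b[46 + i] = uint8_t(nb_colors >> (8 * i));
  return b;
}

int main() {
  auto bad = make_bmp(8, 0x40000000u, 54);               // manipulated nb_colors
  auto good = make_bmp(8, 2, 62);                        // two palette entries present
  std::printf("manipulated: %d\n", int(check_bmp_palette(bad.data(), bad.size())));
  std::printf("well-formed: %d\n", int(check_bmp_palette(good.data(), good.size())));
  return 0;
}
```

Run it on the raw bytes before the file reaches the image loader, and reject anything that does not return `BmpCheck::Ok`.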

Affected Version(s)

CImg < c3aacf5b96ac1e54b7af1957c6737dbf3949f6d3

CVSS V3.1

Score: 5.5
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
