CVE-2026-42144: CWE-190: Integer Overflow or Wraparound in GreycLab CImg
CVE-2026-42144 is an integer overflow vulnerability in the CImg Library, a C++ image processing library. The flaw occurs in the size computation for image dimensions inside the _load_pnm() function, where large dimension values cause an overflow that bypasses memory allocation guards. This results in an undersized buffer allocation and can lead to a heap buffer overflow when processing crafted PNM/PGM/PPM image files. Applications using vulnerable versions of CImg to load untrusted images are affected. The issue has been patched in commit 4ca26bce4d8c61fcd1507d5f9401b9fb1222c27d.
AI Analysis
Technical Summary
The CImg Library versions prior to commit 4ca26bce4d8c61fcd1507d5f9401b9fb1222c27d contain an integer overflow vulnerability (CWE-190) in the _load_pnm() function. Specifically, the calculation of the product of image width, height, and depth (W*H*D) can overflow, causing the allocation of a buffer smaller than required. This can lead to a heap buffer overflow when the image data is loaded from crafted PNM/PGM/PPM files with large dimension values. The vulnerability affects any application using CImg to load untrusted image files. The issue has been addressed by a patch in the specified commit.
Potential Impact
Exploitation of this vulnerability can lead to a heap buffer overflow, which may cause application crashes or potentially allow an attacker to execute arbitrary code or cause denial of service. The CVSS v3.1 score is 6.1 (medium severity), reflecting local attack vector, low attack complexity, no privileges required, user interaction required, unchanged scope, no confidentiality impact, low integrity impact, and high availability impact.
Mitigation Recommendations
A patch fixing this vulnerability is available in commit 4ca26bce4d8c61fcd1507d5f9401b9fb1222c27d of the CImg Library. Users and developers should update to this patched version or later to remediate the issue. Since this is a library vulnerability, applications using CImg should ensure they incorporate the fixed version before processing untrusted image files. No vendor advisory was provided, so patch status is based on the commit information.
CVE-2026-42144: CWE-190: Integer Overflow or Wraparound in GreycLab CImg
Description
CVE-2026-42144 is an integer overflow vulnerability in the CImg Library, a C++ image processing library. The flaw occurs in the size computation for image dimensions inside the _load_pnm() function, where large dimension values cause an overflow that bypasses memory allocation guards. This results in an undersized buffer allocation and can lead to a heap buffer overflow when processing crafted PNM/PGM/PPM image files. Applications using vulnerable versions of CImg to load untrusted images are affected. The issue has been patched in commit 4ca26bce4d8c61fcd1507d5f9401b9fb1222c27d.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The CImg Library versions prior to commit 4ca26bce4d8c61fcd1507d5f9401b9fb1222c27d contain an integer overflow vulnerability (CWE-190) in the _load_pnm() function. Specifically, the calculation of the product of image width, height, and depth (W*H*D) can overflow, causing the allocation of a buffer smaller than required. This can lead to a heap buffer overflow when the image data is loaded from crafted PNM/PGM/PPM files with large dimension values. The vulnerability affects any application using CImg to load untrusted image files. The issue has been addressed by a patch in the specified commit.
Potential Impact
Exploitation of this vulnerability can lead to a heap buffer overflow, which may cause application crashes or potentially allow an attacker to execute arbitrary code or cause denial of service. The CVSS v3.1 score is 6.1 (medium severity), reflecting local attack vector, low attack complexity, no privileges required, user interaction required, unchanged scope, no confidentiality impact, low integrity impact, and high availability impact.
Mitigation Recommendations
A patch fixing this vulnerability is available in commit 4ca26bce4d8c61fcd1507d5f9401b9fb1222c27d of the CImg Library. Users and developers should update to this patched version or later to remediate the issue. Since this is a library vulnerability, applications using CImg should ensure they incorporate the fixed version before processing untrusted image files. No vendor advisory was provided, so patch status is based on the commit information.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-04-24T17:15:21.834Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69f8e3e0cbff5d86103e4663
Added to database: 5/4/2026, 6:22:24 PM
Last enriched: 5/4/2026, 6:36:39 PM
Last updated: 5/4/2026, 10:10:13 PM
Views: 8
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.