CVE-2026-42144
Deferred Deferred - Pending Action
Integer Overflow in CImg Library Leading to Heap Buffer Overflow

Publication date: 2026-05-04

Last updated on: 2026-05-07

Assigner: GitHub, Inc.

Description
CImg Library is a C++ library for image processing. Prior to commit 4ca26bc, there is an integer overflow vulnerability in the W*H*D size computation inside _load_pnm() that can bypass the memory allocation guard. A crafted PNM/PGM/PPM file with large dimension values causes the overflow to wrap around, allocating an undersized buffer and potentially triggering a heap buffer overflow. Any application using CImg to load untrusted image files is affected. This issue has been patched via commit 4ca26bc.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-04
Last Modified
2026-05-07
Generated
2026-06-16
AI Q&A
2026-05-05
EPSS Evaluated
2026-06-14
NVD
CVE-2026-42144
Affected Vendors & Products
Currently, no data is known.
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-190 The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the CImg Library, a C++ library used for image processing. Before a specific patch (commit 4ca26bc), there was an integer overflow in the calculation of image size (width * height * depth) inside the _load_pnm() function. This overflow could bypass the memory allocation guard by causing the size calculation to wrap around, resulting in an undersized buffer allocation. When a specially crafted PNM/PGM/PPM image file with very large dimensions is loaded, this can lead to a heap buffer overflow.

Any application that uses the CImg library to load untrusted image files is vulnerable to this issue.

Impact Analysis

The vulnerability can lead to a heap buffer overflow when processing specially crafted image files. This can cause application crashes or potentially allow an attacker to execute arbitrary code or cause denial of service in applications using the vulnerable CImg library.

Since the CVSS score is 6.1 with a vector indicating local attack with low complexity and requiring user interaction, the impact is significant but requires some conditions to be met.

Mitigation Strategies

To mitigate this vulnerability, update the CImg Library to include the patch applied in commit 4ca26bc which fixes the integer overflow in the _load_pnm() function.

Additionally, avoid loading untrusted PNM/PGM/PPM image files with applications using the vulnerable CImg versions until the patch is applied.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-42144. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart