CVE-2026-42146
Out-of-Memory in CImg Library via Malicious BMP File
Publication date: 2026-05-04
Last updated on: 2026-05-06
Assigner: GitHub, Inc.
Description
Exploitability
| CWE ID | Description |
|---|---|
| CWE-789 | The product allocates memory based on an untrusted, large size value, but it does not ensure that the size is within expected limits, allowing arbitrary amounts of memory to be allocated. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is in the CImg Library, a C++ image-processing library. Before commit c3aacf5, the BMP loader took the nb_colors field (the palette entry count in the BMP info header) and used it directly to size a memory allocation, without checking that a palette with that many entries could fit in the bytes remaining in the file.
An attacker can craft a BMP file whose nb_colors field is artificially large, causing the library to attempt an excessive allocation. The result is an out-of-memory condition that crashes any application that uses CImg to load the untrusted file.
The fix adds validation that rejects an nb_colors value the remaining file size cannot account for, before any allocation is made.
How can this vulnerability impact me?
This vulnerability can cause applications that use the CImg Library to crash when processing specially crafted BMP files. This results in a denial of service (DoS) condition.
If your application processes untrusted BMP images using CImg, an attacker could exploit this flaw to disrupt service availability by triggering out-of-memory crashes.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update every application that uses the CImg Library to a version that includes commit c3aacf5, which validates the nb_colors field against the remaining file size before the palette is allocated.
Until then, do not load untrusted BMP files with a vulnerable version of the CImg Library; a single crafted file is enough to trigger the out-of-memory crash.
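The explanation and mitigation above both come down to one check on the BMP palette size. The following C++ is an added illustration written for this page, not CImg's own loader or the contents of commit c3aacf5: it reads nb_colors (the biClrUsed field at offset 46 of a standard 14-byte file header plus 40-byte info header), shows the "before" shape that sizes the allocation straight from that field, and a hardened shape that refuses the file when the palette cannot fit in the bytes that follow the header. The header layout and the 4-byte palette entry size are BMP facts; the function names, the 54-byte fixed header assumption, and the sample inputs built by `make_sample` are this example's own.

```cpp
#include <cstddef>
#include <cstdint>
#include <optional>
#include <stdexcept>
#include <vector>

// Illustrative BMP palette-size check, written for this page; it is not
// CImg's code. Offsets assume the standard 14-byte BITMAPFILEHEADER followed
// by a 40-byte BITMAPINFOHEADER, which is where the nb_colors (biClrUsed)
// field lives.
namespace bmp {

constexpr size_t kHeaderSize   = 54;  // 14 + 40
constexpr size_t kBppOffset    = 28;  // biBitCount, uint16
constexpr size_t kNbColorsOff  = 46;  // biClrUsed, uint32: "nb_colors"
constexpr size_t kPaletteEntry = 4;   // one BGRA quad per palette entry

using Bytes = std::vector<uint8_t>;

inline uint16_t rd16(const Bytes& f, size_t o) {
    return uint16_t(f[o]) | uint16_t(f[o + 1]) << 8;
}
inline uint32_t rd32(const Bytes& f, size_t o) {
    return uint32_t(f[o]) | uint32_t(f[o + 1]) << 8 |
           uint32_t(f[o + 2]) << 16 | uint32_t(f[o + 3]) << 24;
}
inline void wr16(Bytes& f, size_t o, uint16_t v) {
    f[o] = uint8_t(v); f[o + 1] = uint8_t(v >> 8);
}
inline void wr32(Bytes& f, size_t o, uint32_t v) {
    for (int i = 0; i < 4; ++i) f[o + i] = uint8_t(v >> (8 * i));
}

// "Before" shape: the palette allocation is sized straight from nb_colors.
// Returns the byte count that would be handed to the allocator; a 54-byte
// file with nb_colors = 0xFFFFFFFF yields about 16 GiB.
uint64_t palette_bytes_unchecked(const Bytes& f) {
    if (f.size() < kHeaderSize) throw std::runtime_error("truncated BMP header");
    const uint64_t nb_colors = rd32(f, kNbColorsOff);
    return nb_colors * kPaletteEntry;
}

// "After" shape: the same size computation, but the palette must fit inside
// the bytes that remain after the header, otherwise the file is rejected
// (std::nullopt) before anything is allocated. Arithmetic is done in 64 bits
// so the size check cannot itself overflow.
std::optional<uint64_t> palette_bytes_checked(const Bytes& f) {
    if (f.size() < kHeaderSize) return std::nullopt;
    uint64_t nb_colors = rd32(f, kNbColorsOff);
    const uint16_t bpp = rd16(f, kBppOffset);
    // BMP convention: biClrUsed == 0 on an indexed image means the full
    // table for that depth (2^bpp entries).
    if (nb_colors == 0 && bpp <= 8) nb_colors = uint64_t(1) << bpp;
    const uint64_t remaining = f.size() - kHeaderSize;
    const uint64_t need = nb_colors * kPaletteEntry;
    if (need > remaining) return std::nullopt;
    return need;
}

// Constructed sample input (not a real-world file): a minimal 1x1 indexed
// (8 bpp) BMP header carrying the caller's nb_colors, followed by `trailing`
// zero bytes standing in for the palette and pixel data.
Bytes make_sample(uint32_t nb_colors, size_t trailing) {
    Bytes f(kHeaderSize + trailing, 0);
    f[0] = 'B'; f[1] = 'M';
    wr32(f, 2, uint32_t(f.size()));       // bfSize
    wr32(f, 10, uint32_t(kHeaderSize));   // bfOffBits (not validated here)
    wr32(f, 14, 40);                      // biSize
    wr32(f, 18, 1);  wr32(f, 22, 1);      // width, height
    wr16(f, 26, 1);  wr16(f, 28, 8);      // planes, bit count
    wr32(f, kNbColorsOff, nb_colors);
    return f;
}

}  // namespace bmp
```

With `make_sample(0xFFFFFFFFu, 0)` the unchecked path asks for 17,179,869,180 bytes from a 54-byte input, which is the allocation failure described above; the checked path returns no value because zero bytes remain after the header. A benign `make_sample(2, 8)` yields 8 bytes on both paths. The hardened function bounds the palette by what the file can physically contain, which is the same idea the page attributes to the fix; CImg's exact threshold may differ, and a real loader should also bound the pixel buffer by width, height and bit depth in the same way.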