Medium severity5.5NVD Advisory· Published May 4, 2026· Updated May 7, 2026
CVE-2026-42146
CVE-2026-42146
Description
CImg Library is a C++ library for image processing. Prior to commit c3aacf5, the nb_colors field read from the BMP file header is used directly to compute an allocation size without validating it against the remaining file size. A crafted BMP file with a large nb_colors value triggers an out-of-memory condition, crashing any application that uses CImg to load untrusted BMP files. This issue has been patched via commit c3aacf5.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: before commit c3aacf5
Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.