CImg
by GreycLab
CVEs (14)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-7641 | | Hig | 0.51 | 7.8 | 0.01 | | Mar 2, 2018 | An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image, a different vulnerability than CVE-2018-7588. This is in a "32 bits colors" case, aka case 32. |
| CVE-2018-7640 | | Hig | 0.51 | 7.8 | 0.01 | | Mar 2, 2018 | An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image, a different vulnerability than CVE-2018-7588. This is in a Monochrome case, aka case 1. |
| CVE-2018-7639 | | Hig | 0.51 | 7.8 | 0.01 | | Mar 2, 2018 | An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image, a different vulnerability than CVE-2018-7588. This is in a "16 bits colors" case, aka case 16. |
| CVE-2018-7638 | | Hig | 0.51 | 7.8 | 0.01 | | Mar 2, 2018 | An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image, a different vulnerability than CVE-2018-7588. This is in a "256 colors" case, aka case 8. |
| CVE-2018-7637 | | Hig | 0.51 | 7.8 | 0.01 | | Mar 2, 2018 | An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image, a different vulnerability than CVE-2018-7588. This is in a "16 colors" case, aka case 4. |
| CVE-2018-7589 | | Hig | 0.51 | 7.8 | 0.01 | | Mar 1, 2018 | An issue was discovered in CImg v.220. A double free in load_bmp in CImg.h occurs when loading a crafted bmp image. |
| CVE-2018-7588 | | Hig | 0.51 | 7.8 | 0.01 | | Mar 1, 2018 | An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image. |
| CVE-2018-7587 | | Hig | 0.51 | 7.8 | 0.01 | | Mar 1, 2018 | An issue was discovered in CImg v.220. DoS occurs when loading a crafted bmp image that triggers an allocation failure in load_bmp in CImg.h. |
| CVE-2026-42144 | | Med | 0.33 | 6.1 | 0.00 | | May 4, 2026 | CImg Library is a C++ library for image processing. Prior to commit 4ca26bc, there is an integer overflow vulnerability in the W*H*D size computation inside _load_pnm() that can bypass the memory allocation guard. A crafted PNM/PGM/PPM file with large dimension values causes the… |
| CVE-2026-42146 | | Med | 0.29 | 5.5 | 0.00 | | May 4, 2026 | CImg Library is a C++ library for image processing. Prior to commit c3aacf5, the nb_colors field read from the BMP file header is used directly to compute an allocation size without validating it against the remaining file size. A crafted BMP file with a large nb_colors value… |
| CVE-2024-26540 | | | 0.00 | — | 0.00 | | Mar 15, 2024 | A heap-based buffer overflow in CImg before 3.3.3 can occur via a crafted file to cimg_library::CImg::_load_analyze. |
| CVE-2022-1325 | | | 0.00 | — | 0.00 | | Aug 31, 2022 | A flaw was found in CImg, where with the help of a maliciously crafted pandore or bmp file with modified dx and dy header field values it is possible to trick the application into allocating huge buffer sizes like 64 Gigabyte upon reading the file from disk or from a virtual… |
| CVE-2020-25693 | | | 0.00 | — | 0.01 | | Dec 3, 2020 | A flaw was found in CImg in versions prior to 2.9.3. Integer overflows leading to heap buffer overflows in load_pnm() can be triggered by a specially crafted input file processed by CImg, which can lead to an impact to application availability or data integrity. |
| CVE-2019-13568 | | | 0.00 | — | 0.02 | | Jul 31, 2019 | CImg through 2.6.7 has a heap-based buffer overflow in _load_bmp in CImg.h because of erroneous memory allocation for a malformed BMP image. |