GreycLab/CImg

GitHub

github.com

cimg.eu

Releases129

Frequency1 month 20 hours

Last Release 22 days ago

Stars1.68K

The CImg Library is a small and open-source C++ toolkit for image processing

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2026-42144 ↗	May 4, 2026Monday, 4 May 2026, 18:16	6.1 MEDIUM	—
CImg Library is a C++ library for image processing. Prior to commit 4ca26bc, there is an integer overflow vulnerability in the WHD size computation inside _load_pnm() that can bypass the memory allocation guard. A crafted PNM/PGM/PPM file with large dimension values causes the overflow to wrap around, allocating an undersized buffer and potentially triggering a heap buffer overflow. Any application using CImg to load untrusted image files is affected. This issue has been patched via commit 4ca26bc.
CVE-2026-42146 ↗	May 4, 2026Monday, 4 May 2026, 18:16	5.5 MEDIUM	—
CImg Library is a C++ library for image processing. Prior to commit c3aacf5, the nb_colors field read from the BMP file header is used directly to compute an allocation size without validating it against the remaining file size. A crafted BMP file with a large nb_colors value triggers an out-of-memory condition, crashing any application that uses CImg to load untrusted BMP files. This issue has been patched via commit c3aacf5.
CVE-2024-26540 ↗	Mar 15, 2024Friday, 15 March 2024, 01:15	7.8 HIGH	—
A heap-based buffer overflow in Clmg before 3.3.3 can occur via a crafted file to cimg_library::CImg<unsigned char>::_load_analyze.
CVE-2022-1325 ↗	Aug 31, 2022Wednesday, 31 August 2022, 16:15	5.5 MEDIUM	—
A flaw was found in Clmg, where with the help of a maliciously crafted pandore or bmp file with modified dx and dy header field values it is possible to trick the application into allocating huge buffer sizes like 64 Gigabyte upon reading the file from disk or from a virtual buffer.
CVE-2019-13568 ↗	Jul 31, 2019Wednesday, 31 July 2019, 15:15	—	6.8 MEDIUM
CImg through 2.6.7 has a heap-based buffer overflow in _load_bmp in CImg.h because of erroneous memory allocation for a malformed BMP image.
CVE-2018-7637 ↗	Mar 2, 2018Friday, 2 March 2018, 14:29	—	6.8 MEDIUM
An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image, a different vulnerability than CVE-2018-7588. This is in a "16 colors" case, aka case 4.
CVE-2018-7638 ↗	Mar 2, 2018Friday, 2 March 2018, 14:29	—	6.8 MEDIUM
An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image, a different vulnerability than CVE-2018-7588. This is in a "256 colors" case, aka case 8.
CVE-2018-7639 ↗	Mar 2, 2018Friday, 2 March 2018, 14:29	—	6.8 MEDIUM
An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image, a different vulnerability than CVE-2018-7588. This is in a "16 bits colors" case, aka case 16.
CVE-2018-7640 ↗	Mar 2, 2018Friday, 2 March 2018, 14:29	—	6.8 MEDIUM
An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image, a different vulnerability than CVE-2018-7588. This is in a Monochrome case, aka case 1.
CVE-2018-7641 ↗	Mar 2, 2018Friday, 2 March 2018, 14:29	—	6.8 MEDIUM
An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image, a different vulnerability than CVE-2018-7588. This is in a "32 bits colors" case, aka case 32.
CVE-2018-7588 ↗	Mar 1, 2018Thursday, 1 March 2018, 22:29	—	6.8 MEDIUM
An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image.
CVE-2018-7589 ↗	Mar 1, 2018Thursday, 1 March 2018, 22:29	—	6.8 MEDIUM
An issue was discovered in CImg v.220. A double free in load_bmp in CImg.h occurs when loading a crafted bmp image.