CVE-2026-42146

Name of the Vulnerable Software and Affected Versions CImg Library versions prior to commit c3aacf5

Description An issue exists in the processing of BMP files where the nb colors field from the file header is used to calculate allocation size without validation against the actual remaining file size. A specially crafted BMP file containing a large nb colors value can trigger an out-of-memory condition, leading to a crash of any application utilizing the library to load untrusted BMP files.

Recommendations Update to the version containing commit c3aacf5.