Bug#1135778: cimg: CVE-2026-42144 CVE-2026-42146

[Salvatore Bonaccorso]

Source: cimg
Version: 3.5.2+dfsg-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: carnil at debian.org, Debian Security Team <team at security.debian.org>

Hi,

The following vulnerabilities were published for cimg.

CVE-2026-42144[0]:
| CImg Library is a C++ library for image processing. Prior to commit
| 4ca26bc, there is an integer overflow vulnerability in the W*H*D
| size computation inside _load_pnm() that can bypass the memory
| allocation guard. A crafted PNM/PGM/PPM file with large dimension
| values causes the overflow to wrap around, allocating an undersized
| buffer and potentially triggering a heap buffer overflow. Any
| application using CImg to load untrusted image files is affected.
| This issue has been patched via commit 4ca26bc.


CVE-2026-42146[1]:
| CImg Library is a C++ library for image processing. Prior to commit
| c3aacf5, the nb_colors field read from the BMP file header is used
| directly to compute an allocation size without validating it against
| the remaining file size. A crafted BMP file with a large nb_colors
| value triggers an out-of-memory condition, crashing any application
| that uses CImg to load untrusted BMP files. This issue has been
| patched via commit c3aacf5.


If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2026-42144
    https://www.cve.org/CVERecord?id=CVE-2026-42144
    https://github.com/GreycLab/CImg/security/advisories/GHSA-4663-63fm-44gc
    https://github.com/GreycLab/CImg/commit/4ca26bce4d8c61fcd1507d5f9401b9fb1222c27d
[1] https://security-tracker.debian.org/tracker/CVE-2026-42146
    https://www.cve.org/CVERecord?id=CVE-2026-42146
    https://github.com/GreycLab/CImg/security/advisories/GHSA-g54r-qmgx-c6fv
    https://github.com/GreycLab/CImg/commit/c3aacf5b96ac1e54b7af1957c6737dbf3949f6d3

Regards,
Salvatore