CImg Library BMP File Processing Out-of-Memory Vulnerability

Vulnerability

A memory allocation vulnerability has been identified in the CImg Library, a C++ library for image processing. This issue arises in versions prior to commit c3aacf5, where the 'nb_colors' field in the BMP file header is read as a signed integer and used directly to calculate memory allocation size. The vulnerability allows a crafted BMP file with a large 'nb_colors' value to cause an out-of-memory condition, crashing applications that use CImg to process untrusted BMP files.

Impact

Exploitation of this vulnerability leads to a denial-of-service condition, causing applications to crash due to excessive memory allocation.

Reproduction

The vulnerability can be reproduced by loading a crafted BMP file with a large 'nb_colors' value into an application using CImg. This can be done with a minimal harness that calls the CImg library's BMP loading function. The attached proof-of-concept BMP file demonstrates the issue by triggering an out-of-memory error.

Remediation

Users are advised to update to CImg version 3.7.5 or later, where this vulnerability has been fixed.
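
As an added illustration (not CImg's code and not the upstream fix), the check below validates the 'nb_colors' field of a BMP header before any decoder can size a buffer from it. It assumes the common layout of a 14-byte file header followed by a 40-byte BITMAPINFOHEADER; the function names, the result enum and the 256-entry cap for non-paletted bit depths are choices made for this example, and the sample headers are constructed.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// Little-endian field readers for a raw BMP header buffer.
static uint32_t rd32(const uint8_t *p) {
  return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | p[1] << 8); }

enum BmpCheck { BMP_OK, BMP_TRUNCATED, BMP_NOT_BMP, BMP_BAD_BPP, BMP_BAD_COLORS, BMP_PALETTE_TOO_BIG };

// Hypothetical pre-load check: validate the colour count before a decoder
// sizes a palette buffer from it. Assumes bit depth at offset 0x1C and
// colours-used at offset 0x2E (14-byte file header + BITMAPINFOHEADER).
BmpCheck check_bmp_palette(const uint8_t *buf, size_t len) {
  if (len < 54) return BMP_TRUNCATED;
  if (buf[0] != 'B' || buf[1] != 'M') return BMP_NOT_BMP;
  const uint16_t bpp = rd16(buf + 0x1C);
  const uint32_t nb_colors = rd32(buf + 0x2E);  // unsigned: no negative sizes
  if (bpp != 1 && bpp != 4 && bpp != 8 && bpp != 16 && bpp != 24 && bpp != 32)
    return BMP_BAD_BPP;
  // A paletted image cannot index more entries than its bit depth allows.
  // Example policy (an assumption): cap deeper formats at 256 entries.
  const uint32_t max_colors = bpp <= 8 ? (1u << bpp) : 256u;
  if (nb_colors > max_colors) return BMP_BAD_COLORS;
  // The palette (4 bytes per entry) must actually be present in the file.
  if ((uint64_t)nb_colors * 4 > len - 54)
    return BMP_PALETTE_TOO_BIG;
  return BMP_OK;
}

// Constructed sample: 54-byte header plus `palette_entries` zeroed palette slots.
std::vector<uint8_t> make_sample(uint16_t bpp, uint32_t nb_colors, size_t palette_entries) {
  std::vector<uint8_t> f(54 + 4 * palette_entries, 0);
  f[0] = 'B'; f[1] = 'M';
  f[0x1C] = bpp & 0xFF; f[0x1D] = bpp >> 8;
  for (int i = 0; i < 4; ++i) f[0x2E + i] = (nb_colors >> (8 * i)) & 0xFF;
  return f;
}

int main() {
  const auto good = make_sample(8, 256, 256), bad = make_sample(8, 0x7FFFFFFFu, 0);
  std::printf("good=%d bad=%d\n", check_bmp_palette(good.data(), good.size()),
              check_bmp_palette(bad.data(), bad.size()));
  return 0;
}
```

Running such a check on untrusted input before the file reaches the image loader rejects an oversized colour count without attempting the allocation.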

Added: May 4, 2026, 6:19 PM
Updated: May 4, 2026, 6:19 PM

Vulnerability Rating

Custom Algorithm

spread: 2.4
impact: 2.5
exploitability: 5.6
remediation: 7.9
relevance: 7.4
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.