CVE-2026-42144 — Buffer Overflow

/MEDIUM /CVSS 6.1/10
Written by SCW Vulnerability Desk Vulnerability Intelligence
National Vulnerability Database vulnerabilitycvemedium-severitybuffer-overflowcwe-190
CVE-2026-42144 — Buffer Overflow

CVE-2026-42144 — CImg Library is a C++ library for image processing. Prior to commit 4ca26bc, there is an integer overflow vulnerability in the W*H*D size computation inside _load_pnm() that can bypass the memory allocation guard. A crafted PNM/PGM/PPM file with large dimension values causes the ove

What This Means For You

  • If your environment is affected by CWE-190, review your exposure and prioritize patching based on your environment. Monitor vendor advisories for CVE-2026-42144 updates and patches.

Related ATT&CK Techniques

T1190 Exploit Public-Facing Application Initial Access T1204.002 Malicious File Initial Access T1566.002 Spearphishing Attachment Initial Access

🛡️ Detection Rules

3 rules · 6 SIEM formats

3 detection rules auto-generated for this incident, mapped to MITRE ATT&CK. Sigma YAML is free — export to any SIEM format via the Intel Bot.

medium T1204.002 Execution

CImg Library Integer Overflow in _load_pnm() - CVE-2026-42144

Sigma YAML — free preview 
title: CImg Library Integer Overflow in _load_pnm() - CVE-2026-42144
id: scw-2026-05-04-ai-1
status: experimental
level: medium
description: |
  Detects processes that appear to be using the CImg library (indicated by 'CImg' in the image name) and are attempting to load PNM, PGM, or PPM files. This rule specifically looks for command lines that might indicate the vulnerable size computation logic ('W*H*D') which is part of the integer overflow vulnerability in _load_pnm() leading to potential heap buffer overflows. This is a primary detection for the initial exploitation vector.
author: SCW Feed Engine (AI-generated)
date: 2026-05-04
references:
  - https://shimiscyberworld.com/posts/nvd-CVE-2026-42144/
tags:
  - attack.execution
  - attack.t1204.002
logsource:
    category: process_creation
detection:
  selection:
      Image|contains:
          - 'CImg'
      CommandLine|contains:
          - '.pnm'
          - '.pgm'
          - '.ppm'
  selection_size_computation:
      CommandLine|contains:
          - 'W*H*D'
  condition: selection AND selection_size_computation
falsepositives:
  - Legitimate administrative activity

Source: Shimi's Cyber World · License & reuse

✓ Sigma · Splunk SPL Sentinel KQL Elastic QRadar AQL Wazuh Get rules for your SIEM →

Indicators of Compromise

IDTypeIndicator
CVE-2026-42144 vulnerability CVE-2026-42144
CWE-190 weakness CWE-190

Written by SCW Vulnerability Desk

Source & Attribution
Source PlatformNVD
ChannelNational Vulnerability Database
PublishedMay 04, 2026 at 21:16 UTC

This content was curated and summarized by Shimi's Cyber World for informational purposes. It is not copied or republished in full. All intellectual property rights remain with the original author and source.

Believe this infringes your rights? Submit a takedown request.

Related coverage

Prometheus CVE-2026-42154: Unauthenticated Memory Exhaustion Vulnerability

CVE-2026-42154 — Prometheus is an open-source monitoring system and time series database. Prior to versions 3.5.3 and 3.11.3, the remote read endpoint (/api/v1/read) does not...

vulnerabilityCVEhigh-severitycwe-400cwe-789
/SCW Vulnerability Desk /HIGH /7.5 /⚑ 4 IOCs /⚙ 2 Sigma

Prometheus Azure AD OAuth Secret Exposed via Plaintext Config

CVE-2026-42151 — Prometheus is an open-source monitoring system and time series database. Prior to versions 3.5.3 and 3.11.3, the client_secret field in the Azure AD...

vulnerabilityCVEhigh-severitycwe-200cwe-312
/SCW Vulnerability Desk /HIGH /7.5 /⚑ 1 IOC /⚙ 3 Sigma

CVE-2026-25863: WordPress Plugin DoS Vulnerability Hits Contact Form 7

CVE-2026-25863 — Conditional Fields for Contact Form 7 WordPress plugin through version 2.6.7 contains an uncontrolled resource consumption vulnerability in the Wpcf7cfMailParser class where the...

vulnerabilityCVEhigh-severitycwe-1284
/SCW Vulnerability Desk /HIGH /7.5 /⚑ 5 IOCs