CVE-2024-26540

7.8 HIGH

📋 TL;DR

A heap-based buffer overflow vulnerability in CImg library versions before 3.3.3 allows attackers to execute arbitrary code or cause denial of service by providing a specially crafted Analyze-format image file. This affects any application that uses the CImg library to process Analyze medical image files.

💻 Affected Systems

Products:
  • CImg library
  • Applications using CImg library for Analyze format image processing
Versions: All versions before 3.3.3
Operating Systems: All platforms where CImg is used (Linux, Windows, macOS, etc.)
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects applications that use the _load_analyze function to process Analyze format medical images.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution with the privileges of the application processing the image file, potentially leading to complete system compromise.

🟠 Likely Case

Application crash (denial of service) when processing malicious Analyze format files.

🟢 If Mitigated

Application crash with proper memory protections (ASLR, DEP) limiting code execution impact.

🌐 Internet-Facing: MEDIUM - Risk depends on whether affected applications accept untrusted Analyze files from external sources.
🏢 Internal Only: LOW - Risk is limited unless internal users can supply malicious Analyze files to vulnerable applications.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires crafting a malicious Analyze format file and getting it processed by a vulnerable application.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.3.3

Vendor Advisory: https://github.com/GreycLab/CImg/issues/403

Restart Required: No

Instructions:

1. Update the CImg library to version 3.3.3 or later.
2. Recompile any applications using CImg with the updated library.
3. Replace any statically linked CImg libraries in applications.

🔧 Temporary Workarounds

Disable Analyze format processing

all

Modify applications to disable or remove support for Analyze format image loading

Input validation

all

Implement strict validation of Analyze file headers before processing
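
One way to apply the "Input validation" workaround, as an added example (not CImg code and not the vendor's fix): a check run on the .hdr bytes before any image loader sees the file. The field offsets follow the Analyze 7.5 format specification; the allowed datatype codes, the size cap and all function names are assumptions of this example, and it does not model the specific flaw fixed in 3.3.3.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>
// Analyze 7.5 header fields used here (offsets from the format spec, an
// assumption of this example): int32 sizeof_hdr @0 (always 348),
// int16 dim[8] @40, int16 datatype @70, int16 bitpix @72.
enum class Hdr { Ok, TooShort, BadSize, BadDims, BadType, TooLarge };

static uint32_t rd(const uint8_t *p, int n, bool be) {  // read n-byte integer
  uint32_t v = 0;
  for (int i = 0; i < n; ++i) v |= uint32_t(p[i]) << (8 * (be ? n - 1 - i : i));
  return v;
}

// Validates a header buffer; on Ok, *payload is the voxel data size in bytes.
// max_bytes is the caller's allocation cap (keep it far below 2^48).
Hdr check_analyze_header(const uint8_t *h, size_t len, uint64_t max_bytes,
                         uint64_t *payload) {
  if (len < 348) return Hdr::TooShort;
  const bool be = rd(h, 4, false) != 348;  // byte order inferred from sizeof_hdr
  if (be && rd(h, 4, true) != 348) return Hdr::BadSize;
  const uint32_t ndim = rd(h + 40, 2, be), type = rd(h + 70, 2, be);
  if (ndim < 1 || ndim > 7) return Hdr::BadDims;
  uint32_t bits = 0;                       // allow-list of scalar voxel types
  switch (type) {
    case 2: bits = 8; break;   case 4: bits = 16; break;
    case 8: case 16: bits = 32; break;   case 64: bits = 64; break;
    default: return Hdr::BadType;
  }
  if (rd(h + 72, 2, be) != bits) return Hdr::BadType;  // bitpix must match type
  uint64_t total = bits / 8;
  for (uint32_t i = 1; i <= ndim; ++i) {
    const int16_t d = int16_t(uint16_t(rd(h + 40 + 2 * i, 2, be)));
    if (d <= 0) return Hdr::BadDims;       // zero or negative extent
    total *= uint64_t(d);
    if (total > max_bytes) return Hdr::TooLarge;  // checked after every factor
  }
  *payload = total;
  return Hdr::Ok;
}

// Constructed little-endian sample header: 3-D volume of 16-bit voxels.
std::vector<uint8_t> sample_header(int16_t x, int16_t y, int16_t z) {
  std::vector<uint8_t> h(348, 0);
  auto put = [&](size_t o, uint16_t v) { h[o] = uint8_t(v); h[o + 1] = uint8_t(v >> 8); };
  put(0, 348); put(40, 3); put(70, 4); put(72, 16);
  put(42, uint16_t(x)); put(44, uint16_t(y)); put(46, uint16_t(z));
  return h;
}
```

On Ok, reject the file pair if the accompanying .img file is smaller than the returned payload size.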

🧯 If You Can't Patch

  • Implement strict file type validation to reject untrusted Analyze format files
  • Run vulnerable applications with reduced privileges and memory protection controls (ASLR, DEP)

🔍 How to Verify

Check if Vulnerable:

Check the CImg library version in the source code or compiled application. If the version is earlier than 3.3.3 and the application processes Analyze format files, it is vulnerable.

Check Version:

Check CImg.h header file for #define cimg_version value (should be >= 33300 for 3.3.3)

Verify Fix Applied:

Verify that the CImg library version is 3.3.3 or later and recompile applications with the updated library.

📡 Detection & Monitoring

Log Indicators:

  • Application crashes when processing image files
  • Memory access violation errors in application logs

Network Indicators:

  • Unusual Analyze format file uploads to applications

SIEM Query:

Application: (cimg OR "CImg") AND Event: (crash OR "access violation" OR "buffer overflow")
