{"id":"CVE-2019-13568","details":"CImg through 2.6.7 has a heap-based buffer overflow in _load_bmp in CImg.h because of erroneous memory allocation for a malformed BMP image.","modified":"2026-04-11T23:33:53.237503Z","published":"2019-07-31T15:15:12.797Z","references":[{"type":"WEB","url":"http://cimg.eu/"},{"type":"FIX","url":"https://github.com/dtschump/CImg/commit/ac8003393569aba51048c9d67e1491559877b1d1"},{"type":"PACKAGE","url":"https://github.com/dtschump/CImg"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/dtschump/cimg","events":[{"introduced":"0"},{"last_affected":"17c15abb5b49208731e2dd5cd45958dc13603779"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2.6.7"}]}},{"type":"GIT","repo":"https://github.com/greyclab/cimg","events":[{"introduced":"0"},{"fixed":"ac8003393569aba51048c9d67e1491559877b1d1"}]}],"versions":["v.2.3.0","v.2.3.1","v.2.3.2","v.2.3.3","v.2.3.4","v.2.3.5","v.2.3.6","v.2.4.0","v.2.4.1","v.2.4.2","v.2.4.3","v.2.4.4","v.2.4.5","v.2.5.0","v.2.5.1","v.2.5.2","v.2.5.3","v.2.5.4","v.2.5.5","v.2.5.6","v.2.5.7","v.2.6.0","v.2.6.1","v.2.6.2","v.2.6.3","v.2.6.4","v.2.6.5","v.2.6.6","v.2.6.7"],"database_specific":{"vanir_signatures":[{"target":{"file":"CImg.h"},"signature_type":"Line","digest":{"line_hashes":["123900495252698105146206851399364022680","34985455046062833179538152961747109064","259368712130415099546123384839278813714","30279005630026207159421049988461690667"],"threshold":0.9},"id":"CVE-2019-13568-9b7918e6","source":"https://github.com/greyclab/cimg/commit/ac8003393569aba51048c9d67e1491559877b1d1","signature_version":"v1","deprecated":false}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-13568.json","vanir_signatures_modified":"2026-04-11T23:33:53Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}