A heap-based buffer overflow exists in stbi__bmp_load_cont in stb_image.h in catimg 2.4.0.