Description
Imager versions before 1.033 for Perl treat unsigned EXIF IFD entry counts as signed.

Imager mishandled large EXIF IFD entry count values, treating them as negative numbers. This could lead to an attempt to allocate a block nearly the size of the address space, which fails and kills the process.

An attacker could craft an image with EXIF data that terminates a worker process.
Published: 2026-07-08
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Remediation

Vendor Solution

Upgrade to version 1.033 or later.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 08 Jul 2026 13:00:00 +0000

Type Values Removed Values Added
Description Imager versions before 1.033 for Perl treat unsigned EXIF IFD entry counts as signed. Imager mishandled large EXIF IFD entry count values, treating them as negative numbers. This could lead to an attempt to allocate a block nearly the size of the address space, which fails and kills the process. An attacker could craft an image with EXIF data that terminates a worker process.
Title Imager versions before 1.033 for Perl treat unsigned EXIF IFD entry counts as signed
Weaknesses CWE-196
CWE-789
References

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: CPANSec

Published:

Updated: 2026-07-08T12:30:20.230Z

Reserved: 2026-07-02T08:18:50.542Z

Link: CVE-2026-14454

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses