๐Ÿ” CVE Alert

CVE-2026-14454

CRITICAL 9.8

Imager versions before 1.033 for Perl treat unsigned EXIF IFD entry counts as signed

CVSS Score
9.8
EPSS Score
0.2%
EPSS Percentile
8th

Imager versions before 1.033 for Perl treat unsigned EXIF IFD entry counts as signed. Imager mishandled large EXIF IFD entry count values, treating them as negative numbers. This could lead to an attempt to allocate a block nearly the size of the address space, which fails and kills the process. An attacker could craft an image with EXIF data that terminates a worker process.

CWE CWE-196 CWE-789
Vendor tonyc
Product imager
Published Jul 8, 2026
Last Updated Jul 9, 2026
Stay Ahead of the Next One

Get instant alerts for tonyc imager

Be the first to know when new critical vulnerabilities affecting tonyc imager are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

TONYC / Imager
0 < 1.033

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
metacpan.org: https://metacpan.org/release/TONYC/Imager-1.033/changes github.com: https://github.com/tonycoz/imager/commit/06f01a5d0fd591259aeba589370d6888384a6b6d.patch openwall.com: http://www.openwall.com/lists/oss-security/2026/07/08/6