๐Ÿ” CVE Alert

CVE-2026-8669

MEDIUM 6.5

Imager versions through 1.030 for Perl allow a heap out of bounds (OOB) write on crafted multi-frame GIF files

CVSS Score: 6.5
EPSS Score: 0.0%
EPSS Percentile: 0th

Imager versions through 1.030 for Perl allow a heap out of bounds (OOB) write on crafted multi-frame GIF files. Imager::File::GIF's i_readgif_multi_low allocates a single per-row buffer GifRow sized for the GIF's global screen width 'SWidth' and reuses it across every image in the file. The page-match branch validates Image.Width + Image.Left > SWidth before each DGifGetLine write, but the parallel skip-image branch at imgif.c:790-805 calls DGifGetLine(GifFile, GifRow, Width) with no such check.
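A pre-ingest check for the condition described above, as an added example (not Imager's code and not the upstream fix): it walks the GIF block structure and reports every frame whose Left + Width exceeds the logical screen width, applying the comparison the page-match branch performs to all frames. The names `oversized_frames` and `_sample` are hypothetical, and the sample files are constructed here and carry structure only, no pixel data.

```python
import struct

def oversized_frames(data: bytes) -> list[int]:
    """Return indexes of frames whose Left + Width exceeds the screen width."""
    if data[:6] not in (b"GIF87a", b"GIF89a"):
        raise ValueError("not a GIF")

    def skip_sub_blocks(p: int) -> int:
        while data[p]:            # each sub-block: length byte, then payload
            p += data[p] + 1
        return p + 1              # step over the zero-length terminator

    try:
        screen_w, _h, packed = struct.unpack_from("<HHB", data, 6)
        pos = 13                  # 6-byte signature + 7-byte screen descriptor
        if packed & 0x80:         # global colour table present
            pos += 3 * (2 << (packed & 0x07))
        bad, frame = [], 0
        while pos < len(data):
            block = data[pos]
            if block == 0x3B:     # trailer
                break
            if block == 0x21:     # extension: introducer, label, sub-blocks
                pos = skip_sub_blocks(pos + 2)
            elif block == 0x2C:   # image descriptor
                left, _t, width, _ht, ipacked = struct.unpack_from(
                    "<HHHHB", data, pos + 1)
                if left + width > screen_w:
                    bad.append(frame)
                frame += 1
                pos += 10
                if ipacked & 0x80:  # local colour table present
                    pos += 3 * (2 << (ipacked & 0x07))
                pos = skip_sub_blocks(pos + 1)  # skip LZW minimum code size
            else:
                raise ValueError(f"unexpected block 0x{block:02x} at {pos}")
        return bad
    except (IndexError, struct.error):
        raise ValueError("truncated GIF") from None

def _sample(screen_w: int, frames: list[tuple[int, int]]) -> bytes:
    """Constructed test input: descriptors with empty image data."""
    out = b"GIF89a" + struct.pack("<HHB", screen_w, 4, 0) + b"\x00\x00"
    for left, width in frames:
        out += b"\x2c" + struct.pack("<HHHHB", left, 0, width, 4, 0) + b"\x02\x00"
    return out + b"\x3b"

OK_GIF = _sample(8, [(0, 8), (2, 4)])            # every frame fits the screen
BAD_GIF = _sample(8, [(0, 8), (4, 16), (6, 4)])  # frames 1 and 2 do not

if __name__ == "__main__":
    print(oversized_frames(OK_GIF), oversized_frames(BAD_GIF))
```

A non-empty result is a reason to reject or quarantine the file before it reaches an Imager release at or below 1.030.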

CWE: CWE-787
Vendor: tonyc
Product: imager
Published: May 15, 2026
Last Updated: May 15, 2026

Affected Versions

TONYC / Imager
0 ≤ 1.030

References

metacpan.org: https://metacpan.org/release/TONYC/Imager-1.031/source/Changes
github.com: https://github.com/tonycoz/imager/commit/782e9c06cc75a0f7eed383f39522f51f44598b04.patch