Skip to main content

Imager (Perl) CVE-2026-14454

| EUVDEUVD-2026-42226 CRITICAL
Unsigned to Signed Conversion Error (CWE-196)
2026-07-08 CPANSec GHSA-j48m-64vj-6rm9
9.8
CVSS 3.1 · Vendor: CPANSec
Share

Severity by source

Vendor (CPANSec) PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vuln.today AI
7.5 HIGH

Remote unauthenticated crafted image needs no privileges or interaction (AV:N/AC:L/PR:N/UI:N), but described impact is only a worker crash, so C:N/I:N/A:H.

3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (CPANSec).

CVSS VectorVendor: CPANSec

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
Analysis Generated
Jul 09, 2026 - 16:37 vuln.today
CVSS changed
Jul 09, 2026 - 16:22 NVD
9.8 (None) 9.8 (CRITICAL)
CVE Published
Jul 08, 2026 - 12:30 cve.org
UNKNOWN (no severity yet)

DescriptionCVE.org

Imager versions before 1.033 for Perl treat unsigned EXIF IFD entry counts as signed.

Imager mishandled large EXIF IFD entry count values, treating them as negative numbers. This could lead to an attempt to allocate a block nearly the size of the address space, which fails and kills the process.

An attacker could craft an image with EXIF data that terminates a worker process.

AnalysisAI

Denial of service in the Imager image-processing module for Perl (all versions before 1.033) allows remote attackers to crash a worker process by submitting an image whose EXIF IFD entry count is mishandled as a signed integer, triggering an near-address-space-sized memory allocation that fails and aborts the process. Any application that passes untrusted images through Imager's EXIF parsing is exposed. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Submit image to Imager-backed service
Delivery
Embed oversized EXIF IFD entry count
Exploit
Signed misread yields negative count
Execution
Trigger near-address-space allocation
Persist
Allocation fails, worker process killed
Impact
Repeat to sustain denial of service

Vulnerability AssessmentAI

Exploitation Exploitation requires that the target application passes attacker-supplied image data to Imager and that Imager's EXIF parsing path is reached (e.g. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The signals conflict sharply and should be weighed carefully. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker uploads a profile picture or submits an image to a Perl web service that uses Imager to read metadata or generate thumbnails. The image contains an EXIF IFD with an oversized entry count that Imager interprets as negative, causing a huge allocation that fails and kills the worker handling the request. …
Remediation Vendor-released patch: upgrade Imager to 1.033 or later (CPAN release TONYC/Imager-1.033); the upstream fix is commit 06f01a5d0fd591259aeba589370d6888384a6b6d (https://github.com/tonycoz/imager/commit/06f01a5d0fd591259aeba589370d6888384a6b6d.patch), and release notes are at https://metacpan.org/release/TONYC/Imager-1.033/changes with advisory context at https://seclists.org/oss-sec/2026/q3/98. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

24 hours: Identify all systems using Imager module and classify by production criticality. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-14454 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy