Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Remote unauthenticated crafted image needs no privileges or interaction (AV:N/AC:L/PR:N/UI:N), but described impact is only a worker crash, so C:N/I:N/A:H.
Primary rating from Vendor (CPANSec).
CVSS VectorVendor: CPANSec
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
3DescriptionCVE.org
Imager versions before 1.033 for Perl treat unsigned EXIF IFD entry counts as signed.
Imager mishandled large EXIF IFD entry count values, treating them as negative numbers. This could lead to an attempt to allocate a block nearly the size of the address space, which fails and kills the process.
An attacker could craft an image with EXIF data that terminates a worker process.
AnalysisAI
Denial of service in the Imager image-processing module for Perl (all versions before 1.033) allows remote attackers to crash a worker process by submitting an image whose EXIF IFD entry count is mishandled as a signed integer, triggering an near-address-space-sized memory allocation that fails and aborts the process. Any application that passes untrusted images through Imager's EXIF parsing is exposed. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires that the target application passes attacker-supplied image data to Imager and that Imager's EXIF parsing path is reached (e.g. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The signals conflict sharply and should be weighed carefully. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker uploads a profile picture or submits an image to a Perl web service that uses Imager to read metadata or generate thumbnails. The image contains an EXIF IFD with an oversized entry count that Imager interprets as negative, causing a huge allocation that fails and kills the worker handling the request. … |
| Remediation | Vendor-released patch: upgrade Imager to 1.033 or later (CPAN release TONYC/Imager-1.033); the upstream fix is commit 06f01a5d0fd591259aeba589370d6888384a6b6d (https://github.com/tonycoz/imager/commit/06f01a5d0fd591259aeba589370d6888384a6b6d.patch), and release notes are at https://metacpan.org/release/TONYC/Imager-1.033/changes with advisory context at https://seclists.org/oss-sec/2026/q3/98. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
24 hours: Identify all systems using Imager module and classify by production criticality. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
The Imager package before 1.025 for Perl has a heap-based buffer overflow leading to denial of service, or possibly unsp
Heap buffer overflow in Imager for Perl versions through 1.030 allows remote attackers to corrupt memory and potentially
Heap buffer overflow in Imager::File::GIF (Perl image processing library) versions through 1.002 allows local attackers
Same weakness CWE-196 – Unsigned to Signed Conversion Error
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-42226
GHSA-j48m-64vj-6rm9