
Imager for Perl CVE-2026-8669

EUVD-2026-30541 MEDIUM
Out-of-bounds Write (CWE-787)
2026-05-15 CPANSec GHSA-6275-mpwc-pq3g
CVSS 3.1: 6.5

CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: Low
Integrity: Low
Availability: None
None

Lifecycle Timeline

Source Code Evidence Fetched: May 15, 2026 - 17:00 (vuln.today)
Analysis Generated: May 15, 2026 - 17:00 (vuln.today)
CVSS changed: May 15, 2026 - 16:22 (NVD), 6.5 (MEDIUM)
CVE Published: May 15, 2026 - 13:31 (NVD), UNKNOWN (no severity yet)

Description (NVD)

Imager versions through 1.030 for Perl allow a heap out of bounds (OOB) write on crafted multi-frame GIF files.

Imager::File::GIF's i_readgif_multi_low allocates a single per-row buffer GifRow sized for the GIF's global screen width 'SWidth' and reuses it across every image in the file.

The page-match branch validates Image.Width + Image.Left > SWidth before each DGifGetLine write, but the parallel skip-image branch at imgif.c:790-805 calls DGifGetLine(GifFile, GifRow, Width) with no such check.
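
The missing check described above, as an added example in C (a constructed model, not Imager's imgif.c and not the upstream fix): every frame is validated against the shared row buffer before any line is read into it, on the skip path as well. `struct frame`, `fake_get_line`, `frame_fits_row`, `row_overrun`, `skip_frames_checked` and the sample frames are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Constructed model of a GIF image descriptor; names are assumptions. */
struct frame { unsigned left, width, height; };

/* Constructed sample: screen width 4; the second frame is wider than the screen. */
enum { SWIDTH = 4 };
static const struct frame SAMPLE[] = { {0, 4, 2}, {0, 64, 1} };

/* Stand-in for DGifGetLine: writes `len` pixels starting at `row`. */
static int fake_get_line(unsigned char *row, size_t len) {
    memset(row, 0, len);
    return 1;
}

/* 1 if the frame fits a row of swidth pixels. Written without
   computing left + width, so the sum cannot wrap around. */
int frame_fits_row(const struct frame *f, unsigned swidth) {
    return f->width <= swidth && f->left <= swidth - f->width;
}

/* Bytes an unchecked skip-path read of this frame would write past the row. */
size_t row_overrun(const struct frame *f, unsigned swidth) {
    return f->width > swidth ? (size_t)(f->width - swidth) : 0;
}

/* Skip n frames through one shared row buffer, checking each frame first.
   Returns the number of frames skipped, or -1 on a frame that does not fit. */
int skip_frames_checked(const struct frame *fr, size_t n, unsigned swidth) {
    unsigned char *row = malloc(swidth ? swidth : 1);
    int skipped = 0;
    if (!row) return -1;
    for (size_t i = 0; i < n; i++, skipped++) {
        if (!frame_fits_row(&fr[i], swidth)) { free(row); return -1; }
        for (unsigned y = 0; y < fr[i].height; y++)
            fake_get_line(row, fr[i].width);
    }
    free(row);
    return skipped;
}

int main(void) {
    /* The first frame alone is skipped; the oversized second frame is refused. */
    return !(skip_frames_checked(SAMPLE, 1, SWIDTH) == 1 &&
             skip_frames_checked(SAMPLE, 2, SWIDTH) == -1);
}
```

`row_overrun` is useful when triaging a suspect file: a non-zero value for any frame means the unchecked skip path would have written that many bytes beyond the row buffer.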

Analysis (AI)

Heap buffer overflow in Imager for Perl versions through 1.030 allows remote attackers to corrupt memory and potentially read limited data via specially crafted multi-frame GIF files. The vulnerability stems from missing bounds validation in the skip-image code path of i_readgif_multi_low(), which reuses a fixed-size buffer allocated for the GIF's global screen width without checking if subsequent image frames exceed these dimensions. …
