Skip to main content

Imager::File::GIF EUVDEUVD-2026-30535

| CVE-2026-8454 MEDIUM
Out-of-bounds Write (CWE-787)
2026-05-15 CPANSec GHSA-8r2w-8p2v-h4g4
5.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.3 MEDIUM
AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
Low

Lifecycle Timeline

4
Source Code Evidence Fetched
May 15, 2026 - 15:27 vuln.today
Analysis Generated
May 15, 2026 - 15:27 vuln.today
CVSS changed
May 15, 2026 - 15:22 NVD
5.3 (MEDIUM)
CVE Published
May 15, 2026 - 10:57 nvd
UNKNOWN (no severity yet)

DescriptionCVE.org

Imager::File::GIF versions through 1.002 for Perl allow a heap out of bounds (OOB) write on crafted multi-frame GIF files.

Imager::File::GIF's i_readgif_multi_low allocates a single per-row buffer GifRow sized for the GIF's global screen width 'SWidth' and reuses it across every image in the file.

The page-match branch validates Image.Width + Image.Left > SWidth before each DGifGetLine write, but the parallel skip-image branch at imgif.c:790-805 calls DGifGetLine(GifFile, GifRow, Width) with no such check.

AnalysisAI

Heap buffer overflow in Imager::File::GIF (Perl image processing library) versions through 1.002 allows local attackers to corrupt memory via specially crafted multi-frame GIF files. The vulnerability stems from missing boundary validation in the skip-image code path, which writes image data beyond allocated buffer boundaries when processing malformed GIF frames. With EPSS score at 0.02% (5th percentile) and no evidence of active exploitation, this represents a low-probability supply chain risk for Perl applications processing untrusted GIF files. Patch released in version 1.003.

Technical ContextAI

Imager::File::GIF is a Perl module for reading and writing GIF images, part of the broader Imager image processing framework. The vulnerability affects the i_readgif_multi_low function in imgif.c, which processes multi-frame GIF files. The function allocates a single per-row buffer (GifRow) sized according to the GIF's global screen width (SWidth) and reuses it across all frames. While the primary image-processing branch validates that Image.Width + Image.Left does not exceed SWidth before writing via DGifGetLine, the parallel skip-image branch (lines 790-805 in the original code) omits this validation check. This CWE-787 (Out-of-bounds Write) allows attackers to craft GIF files where individual frames declare dimensions that exceed the global screen size, causing DGifGetLine to write past the allocated buffer boundary during the skip operation, resulting in heap corruption.

RemediationAI

Upgrade to Imager::File::GIF version 1.003 or later, which includes bounds validation checks moved earlier in the processing flow to cover both the page-match and skip-image code paths. The fix validates that Image.Left + Image.Width does not exceed SWidth and Image.Top + Image.Height does not exceed SHeight before any DGifGetLine operations. Update via CPAN with cpan Imager::File::GIF or manual installation from https://metacpan.org/release/TONYC/Imager-File-GIF-1.003. If immediate upgrade is not feasible, implement input validation to reject GIF files where individual frame dimensions exceed the declared global screen dimensions, though this requires custom parsing logic. For web applications, consider restricting GIF uploads or re-encoding uploaded GIFs through a sandboxed service using the patched library version. No workaround provides equivalent protection to the vendor patch.

Share

EUVD-2026-30535 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy