Imager versions before 1.033 for Perl treat unsigned EXIF IFD entry counts as signed. Imager mishandled large EXIF IFD entry count values, treating them as negative numbers. This could lead to an attempt to allocate a block nearly the size of the address space, which fails and kills the process. An attacker could craft an image with EXIF data that terminates a worker process.
History

Wed, 08 Jul 2026 15:00:00 +0000

Type Values Removed Values Added
First Time appeared Tonyc
Tonyc imager
Vendors & Products Tonyc
Tonyc imager

Wed, 08 Jul 2026 13:00:00 +0000

Type Values Removed Values Added
Description Imager versions before 1.033 for Perl treat unsigned EXIF IFD entry counts as signed. Imager mishandled large EXIF IFD entry count values, treating them as negative numbers. This could lead to an attempt to allocate a block nearly the size of the address space, which fails and kills the process. An attacker could craft an image with EXIF data that terminates a worker process.
Title Imager versions before 1.033 for Perl treat unsigned EXIF IFD entry counts as signed
Weaknesses CWE-196
CWE-789
References

cve-icon MITRE

Status: PUBLISHED

Assigner: CPANSec

Published:

Updated: 2026-07-08T12:30:20.230Z

Reserved: 2026-07-02T08:18:50.542Z

Link: CVE-2026-14454

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-08T14:45:03Z