Imager versions before 1.033 for Perl treat unsigned EXIF IFD entry counts as signed.
Imager mishandled large EXIF IFD entry count values, treating them as negative numbers. This could lead to an attempt to allocate a block nearly the size of the address space, which fails and kills the process.
An attacker could craft an image with EXIF data that terminates a worker process.
Metrics
Affected Vendors & Products
References
History
Wed, 08 Jul 2026 15:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Tonyc
Tonyc imager |
|
| Vendors & Products |
Tonyc
Tonyc imager |
Wed, 08 Jul 2026 13:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Imager versions before 1.033 for Perl treat unsigned EXIF IFD entry counts as signed. Imager mishandled large EXIF IFD entry count values, treating them as negative numbers. This could lead to an attempt to allocate a block nearly the size of the address space, which fails and kills the process. An attacker could craft an image with EXIF data that terminates a worker process. | |
| Title | Imager versions before 1.033 for Perl treat unsigned EXIF IFD entry counts as signed | |
| Weaknesses | CWE-196 CWE-789 |
|
| References |
|
Status: PUBLISHED
Assigner: CPANSec
Published:
Updated: 2026-07-08T12:30:20.230Z
Reserved: 2026-07-02T08:18:50.542Z
Link: CVE-2026-14454
No data.
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-08T14:45:03Z