Heap Out-of-Bounds Read in Imager for Perl Before Version 1.032
CVE-2026-13705

Currently unrated

Key Information:

Vendor

Tonyc

Status
Vendor
CVE Published:
6 July 2026

What is CVE-2026-13705?

The Imager module for Perl, specifically versions prior to 1.032, is susceptible to a heap out-of-bounds read vulnerability caused by improper handling of 16-bit RLE literal runs in the read_rgb_16_rle function. A pixel count mismatch may allow crafted SGI images to trigger a buffer over-read, potentially leading to program crashes. This occurs when the parser attempts to process malformed images, creating a risk in applications relying on this image processing library.

Affected Version(s)

Imager 0 < 1.032

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.