Memory Leak Vulnerability in JPEG Processing for Perl by Imager
CVE-2026-13708

Currently unrated

Key Information:

Vendor

Tonyc

Vendor
CVE Published:
6 July 2026

What is CVE-2026-13708?

The Imager::File::JPEG module for Perl exhibits a memory leak when processing JPEG files containing repeated APP13 markers. Specifically, the i_readjpeg_wiol function allocates new memory buffers for each APP13 marker without releasing the previous memory, leading to increased memory usage on every read. In long-running processes, such as those performing file uploads or image thumbnailing, this can accumulate and eventually exhaust available memory resources, resulting in a denial of service condition. The vulnerability affects versions prior to 1.032, which has since been patched.

Affected Version(s)

Imager::File::JPEG 0 < 1.003

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.