Memory Leak Vulnerability in JPEG Processing for Perl by Imager
CVE-2026-13708
Currently unrated
What is CVE-2026-13708?
The Imager::File::JPEG module for Perl exhibits a memory leak when processing JPEG files containing repeated APP13 markers. Specifically, the i_readjpeg_wiol function allocates new memory buffers for each APP13 marker without releasing the previous memory, leading to increased memory usage on every read. In long-running processes, such as those performing file uploads or image thumbnailing, this can accumulate and eventually exhaust available memory resources, resulting in a denial of service condition. The vulnerability affects versions prior to 1.032, which has since been patched.
Affected Version(s)
Imager::File::JPEG 0 < 1.003
