Heap Out of Bounds Vulnerability in Imager::File::GIF for Perl
CVE-2026-8454

5.3MEDIUM

Key Information:

Vendor

Tonyc

Vendor
CVE Published:
15 May 2026

What is CVE-2026-8454?

The Imager::File::GIF module for Perl contains a vulnerability in its handling of multi-frame GIF files, allowing for potential heap out of bounds writes. The issue arises in the i_readgif_multi_low function, where a single per-row buffer, sized according to the GIF's global screen width, is reused across all images within a file. While there is validation for some write operations regarding image dimensions, other branches of the code allow unchecked access, posing a risk of memory corruption and potential exploitation by attackers.

Affected Version(s)

Imager::File::GIF 0 <= 1.002

References

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.