Heap Out of Bounds Vulnerability in Imager::File::GIF for Perl
CVE-2026-8454
5.3MEDIUM
What is CVE-2026-8454?
The Imager::File::GIF module for Perl contains a vulnerability in its handling of multi-frame GIF files, allowing for potential heap out of bounds writes. The issue arises in the i_readgif_multi_low function, where a single per-row buffer, sized according to the GIF's global screen width, is reused across all images within a file. While there is validation for some write operations regarding image dimensions, other branches of the code allow unchecked access, posing a risk of memory corruption and potential exploitation by attackers.
Affected Version(s)
Imager::File::GIF 0 <= 1.002
