Impact
A heap out‑of‑bounds read occurs in the Imager::File::SGI reader when it processes a 16‑bit RLE literal run. The guard checks only the pixel count, but the copy loop consumes two bytes per pixel, so a run that uses more bytes than the remaining data length will read past the buffer. The over‑read happens before the parser rejects the malformed image, causing the running interpreter to crash. No evidence indicates that the flaw can be leveraged for arbitrary code execution or disclosure of sensitive data; it results in a denial‑of‑service condition because the process terminates.
Affected Systems
The vulnerability affects the TONYC Imager Perl module for versions earlier than 1.032. Any Perl application that imports Imager and processes SGI image files—such as web front‑ends, image conversion utilities, or automated pipelines—can be compromised if it accepts user‑provided SGI files. The flaw is triggered only when the SGI image contains a malformed 16‑bit RLE literal run, so applications that validate or sanitize input images might avoid exploitation.
Risk and Exploitability
The CVSS score of 7.1 indicates a moderate‑to‑high severity. The EPSS score of < 1% reflects a very low probability of exploitation. The flaw is not listed in the CISA KEV catalog. The attack vector is likely limited to environments where a crafted SGI image can be supplied such as file uploads or network transport. Because the flaw only causes a crash without enabling code execution, the risk is confined to service disruption rather than privilege escalation or data theft.
OpenCVE Enrichment