Description
Imager::File::GIF versions through 1.002 for Perl allow a heap out of bounds (OOB) write on crafted multi-frame GIF files.

Imager::File::GIF's i_readgif_multi_low allocates a single per-row buffer GifRow sized for the GIF's global screen width 'SWidth' and reuses it across every image in the file.

The page-match branch validates Image.Width + Image.Left > SWidth before each DGifGetLine write, but the parallel skip-image branch at imgif.c:790-805 calls DGifGetLine(GifFile, GifRow, Width) with no such check.
Published: 2026-05-15
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Imager::File::GIF versions through 1.002 for Perl contain a heap out‑of‑bounds write that is triggered while reading multi‑frame GIF files. The reader allocates one row buffer (GifRow) sized to the file's global screen width SWidth and reuses it for every frame. The page‑match path checks that a frame fits before each DGifGetLine call, but the skip‑image path calls DGifGetLine with the frame's own Width and no such check, so a frame declared wider than the logical screen writes past the end of the buffer. The bytes written are the frame's decoded pixel indices, which come from the file, so the corruption is attacker‑controlled in content; at minimum it crashes the process, and depending on heap layout it could be leveraged into data corruption or code execution.

Affected Systems

The vulnerability affects the Imager::File::GIF Perl module (CPAN author TONYC), the GIF reader used by Imager, in every release up to and including 1.002. Any Perl script or application that reads GIF files through Imager is affected.

Risk and Exploitability

EPSS is below 1%, the CVE is not listed in CISA KEV, and the CVSS 3.1 score is 5.3 (AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L), so the published severity is moderate. The vector scores the flaw as local with user interaction, which fits a user opening a file; a service that decodes attacker‑supplied GIFs through Imager without any user step (a web application generating thumbnails, an image conversion utility, a mail or upload pipeline) is exposed to the same bug with a lower bar. Triggering the write is straightforward: the file only needs a frame whose Image.Left + Image.Width exceeds the logical screen width, which is exactly what the missing check would have rejected. Turning the resulting heap corruption into more than a denial of service is not straightforward and depends on the allocator and heap layout of the target process; the description gives no indication that this has been demonstrated.

Generated by OpenCVE AI on May 15, 2026 at 16:35 UTC.

Remediation

Vendor Solution

Upgrade to Imager::File::GIF 1.003.


OpenCVE Recommended Actions

  • Upgrade Imager::File::GIF to version 1.003 or later as provided by the vendor.
  • Before handing an untrusted GIF to the library, walk its image descriptors and reject any file in which a frame's Image.Left + Image.Width exceeds the logical screen width; that is the condition the vulnerable skip‑image path fails to check.
  • Run code that processes untrusted GIFs with the least privilege possible or in a sandboxed environment to limit damage from a potential out‑of‑bounds write.
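The frame‑geometry check the recommendation above asks for, and the trigger condition from the description (a frame wider than the logical screen, read through the unchecked skip‑image path), as an added example: a small Python walker over the GIF block structure that reports every frame whose Left + Width exceeds the logical screen width. This is example code for this page, not Imager's own code. The two sample files are constructed inside the block; their image data is placeholder bytes, enough for the structural walk but not a valid LZW stream.

```python
"""Structural pre-check for GIF files (example code, not part of Imager).

Walks the GIF block framing, collects the logical screen width and every image
descriptor, and flags frames whose Left + Width exceeds the screen width. The
vulnerable Imager::File::GIF skip-image path writes Width pixels into a buffer
of SWidth bytes, so any flagged frame is a file to reject before decoding.
"""
import struct


class GifFormatError(ValueError):
    """Raised when the block structure is truncated or unknown."""


def _skip_sub_blocks(data: bytes, pos: int) -> int:
    """Skip a chain of length-prefixed data sub-blocks; return the offset after the 0 terminator."""
    while True:
        if pos >= len(data):
            raise GifFormatError("truncated sub-block chain")
        n = data[pos]
        pos += 1
        if n == 0:
            return pos
        pos += n


def parse_gif_geometry(data: bytes):
    """Return (screen_width, screen_height, frames); frames is a list of (left, top, width, height).

    Only block framing is parsed: extensions and LZW pixel data are skipped, not decoded.
    """
    if len(data) < 13 or data[:6] not in (b"GIF87a", b"GIF89a"):
        raise GifFormatError("not a GIF header")
    swidth, sheight, packed = struct.unpack_from("<HHB", data, 6)   # logical screen descriptor
    pos = 13
    if packed & 0x80:                        # global colour table: 3 * 2^(n+1) bytes
        pos += 3 * (2 << (packed & 0x07))
    frames = []
    while True:
        if pos >= len(data):
            raise GifFormatError("missing trailer")
        block = data[pos]
        pos += 1
        if block == 0x3B:                    # trailer
            return swidth, sheight, frames
        if block == 0x21:                    # extension: one label byte, then sub-blocks
            pos = _skip_sub_blocks(data, pos + 1)
        elif block == 0x2C:                  # image descriptor
            if pos + 9 > len(data):
                raise GifFormatError("truncated image descriptor")
            left, top, width, height, ipacked = struct.unpack_from("<HHHHB", data, pos)
            pos += 9
            if ipacked & 0x80:               # local colour table
                pos += 3 * (2 << (ipacked & 0x07))
            pos += 1                         # LZW minimum code size
            pos = _skip_sub_blocks(data, pos)
            frames.append((left, top, width, height))
        else:
            raise GifFormatError(f"unknown block 0x{block:02x} at offset {pos - 1}")


def oversized_frames(data: bytes):
    """Indices of frames with Left + Width > screen width: the check the skip-image path lacks."""
    swidth, _sheight, frames = parse_gif_geometry(data)
    return [i for i, (left, _top, width, _height) in enumerate(frames) if left + width > swidth]


def build_sample_gif(frame_geometry):
    """Constructed GIF89a with a 4x4 logical screen and a 2-entry global colour table.

    Image data is placeholder bytes (not valid LZW); it only has to survive the structural walk.
    """
    out = bytearray(b"GIF89a")
    out += struct.pack("<HHBBB", 4, 4, 0x80, 0, 0)              # screen 4x4, global colour table flag set
    out += bytes([0, 0, 0, 255, 255, 255])                       # 2 colour entries
    out += b"\x21\xff\x0bNETSCAPE2.0\x03\x01\x00\x00\x00"        # application extension (loop count)
    for left, top, width, height in frame_geometry:
        out += b"\x21\xf9\x04\x00\x0a\x00\x00\x00"               # graphic control extension, 100 ms delay
        out += b"\x2c" + struct.pack("<HHHHB", left, top, width, height, 0)
        out += b"\x02" + b"\x04\x44\x44\x44\x44" + b"\x00"       # min code size + placeholder data sub-block
    out += b"\x3b"
    return bytes(out)


SAFE_GIF = build_sample_gif([(0, 0, 4, 4), (1, 1, 2, 2)])
CRAFTED_GIF = build_sample_gif([(0, 0, 4, 4), (0, 0, 8, 1)])   # second frame is 8 px wide on a 4 px screen

if __name__ == "__main__":
    for name, blob in (("safe", SAFE_GIF), ("crafted", CRAFTED_GIF)):
        sw, sh, frames = parse_gif_geometry(blob)
        print(f"{name}: screen {sw}x{sh}, frames {frames}, oversized {oversized_frames(blob)}")
```

The check uses Left + Width, the same condition the page‑match branch in imgif.c tests, because it also covers the skip path: that path writes Width pixels from the start of GifRow, so any frame it would overflow (Width > SWidth) is already rejected here. Run this on the upload before it reaches Imager, and treat a GifFormatError as a reject as well.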

Generated by OpenCVE AI on May 15, 2026 at 16:35 UTC.

Advisories

No advisories yet.

History

Fri, 15 May 2026 22:30:00 +0000

Type Values Removed Values Added
References

Fri, 15 May 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 15 May 2026 11:45:00 +0000

Type Values Removed Values Added
Description Imager::File::GIF versions through 1.002 for Perl allow a heap out of bounds (OOB) write on crafted multi-frame GIF files. Imager::File::GIF's i_readgif_multi_low allocates a single per-row buffer GifRow sized for the GIF's global screen width 'SWidth' and reuses it across every image in the file. The page-match branch validates Image.Width + Image.Left > SWidth before each DGifGetLine write, but the parallel skip-image branch at imgif.c:790-805 calls DGifGetLine(GifFile, GifRow, Width) with no such check.
Title Imager::File::GIF versions through 1.002 for Perl allow a heap out of bounds (OOB) write on crafted multi-frame GIF files
Weaknesses CWE-787
References

Subscriptions

No data.

MITRE

Status: PUBLISHED

Assigner: CPANSec

Published:

Updated: 2026-05-15T21:23:30.040Z

Reserved: 2026-05-13T02:02:58.825Z

Link: CVE-2026-8454

Vulnrichment

Updated: 2026-05-15T21:23:30.040Z

NVD

Status : Awaiting Analysis

Published: 2026-05-15T12:17:09.330

Modified: 2026-05-15T22:16:56.737

Link: CVE-2026-8454

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-15T16:45:03Z

Weaknesses