Security Advisory

CVE-2026-8454

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-05-15 10:57:13

Last updated 2026-05-15 21:23:30

Assigner CPANSec

State PUBLISHED

Description

Imager::File::GIF versions through 1.002 for Perl allow a heap out of bounds (OOB) write on crafted multi-frame GIF files. Imager::File::GIFs i_readgif_multi_low allocates a single per-row buffer GifRow sized for the GIFs global screen width SWidth and reuses it across every image in the file. The page-match branch validates Image.Width + Image.Left > SWidth before each DGifGetLine write, but the parallel skip-image branch at imgif.c:790-805 calls DGifGetLine(GifFile, GifRow, Width) with no such check.

← Browse all CVEs View on cve.org ↗