CVE-2026-14454
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
08/07/2026
Last modified:
08/07/2026
Description
Imager versions before 1.033 for Perl treat unsigned EXIF IFD entry counts as signed.<br />
<br />
Imager mishandled large EXIF IFD entry count values, treating them as negative numbers. This could lead to an attempt to allocate a block nearly the size of the address space, which fails and kills the process.<br />
<br />
An attacker could craft an image with EXIF data that terminates a worker process.



