CVE-2026-14454

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
08/07/2026
Last modified:
08/07/2026

Description

Imager versions before 1.033 for Perl treat unsigned EXIF IFD entry counts as signed.<br /> <br /> Imager mishandled large EXIF IFD entry count values, treating them as negative numbers. This could lead to an attempt to allocate a block nearly the size of the address space, which fails and kills the process.<br /> <br /> An attacker could craft an image with EXIF data that terminates a worker process.

Impact