Your message dated Mon, 06 Jul 2026 19:04:09 +0000
with message-id <[email protected]>
and subject line Bug#1141587: fixed in libimager-perl 1.032+dfsg-1
has caused the Debian Bug report #1141587,
regarding libimager-perl: CVE-2026-13705 CVE-2026-13708
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1141587: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1141587
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: libimager-perl
Version: 1.031+dfsg-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerabilities were published for libimager-perl.
CVE-2026-13705[0]:
| Imager versions before 1.032 for Perl have a heap out-of-bounds read
| in the bundled Imager::File::SGI reader via a 16-bit RLE literal run
| in read_rgb_16_rle. read_rgb_16_rle guards each literal run with if
| (count > data_left), but count is a pixel count while every 16-bit
| sample consumes two bytes. The copy loop reads inp[0] * 256 + inp[1]
| and advances two bytes per pixel, so a run with data_left / 2 <
| count <= data_left passes the guard yet consumes 2 * count bytes and
| reads past the end of the buffer. The 8-bit path is unaffected
| because there one pixel is one byte. Reading a crafted SGI image
| through Imager->read triggers the over-read before the parser
| rejects the malformed image, which can crash the process.
CVE-2026-13708[1]:
| Imager::File::JPEG versions before 1.003 for Perl leak heap memory
| when reading a JPEG with repeated APP13 markers in i_readjpeg_wiol.
| i_readjpeg_wiol walks the marker list libjpeg returns and, for each
| APP13 marker, allocates a new buffer with *iptc_itext =
| mymalloc(...) and overwrites the previous pointer without freeing
| it. Only the final payload is later turned into a Perl scalar and
| freed, so a JPEG with N such markers leaks the first N-1 payloads on
| every read. In a long-lived process, such as an upload or
| thumbnailing service, repeated reads accumulate these leaks and
| exhaust available memory, a denial of service. The same handler
| ships bundled in the Imager distribution, where versions before
| 1.032 are affected and the fix ships in 1.032.
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2026-13705
https://www.cve.org/CVERecord?id=CVE-2026-13705
https://lists.security.metacpan.org/cve-announce/msg/41572386/
[1] https://security-tracker.debian.org/tracker/CVE-2026-13708
https://www.cve.org/CVERecord?id=CVE-2026-13708
https://lists.security.metacpan.org/cve-announce/msg/41572486/
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: libimager-perl
Source-Version: 1.032+dfsg-1
Done: gregor herrmann <[email protected]>
We believe that the bug you reported is fixed in the latest version of
libimager-perl, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
gregor herrmann <[email protected]> (supplier of updated libimager-perl package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 06 Jul 2026 20:41:34 +0200
Source: libimager-perl
Architecture: source
Version: 1.032+dfsg-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Perl Group <[email protected]>
Changed-By: gregor herrmann <[email protected]>
Closes: 1141587
Changes:
libimager-perl (1.032+dfsg-1) unstable; urgency=medium
.
* Import upstream version 1.032+dfsg.
- JPEG: fix a memory leak from reading a JPEG image with more than
one IPTC/APP13 block
CVE-2026-13708
- SGI: fix a buffer read over flow when reading a crafted RLE SGI
file.
CVE-2026-13705
Closes: #1141587
* Update years of packaging copyright.
Checksums-Sha1:
7aac98d3e4c5aecd6238566329f52a5b8d3d8c20 2659 libimager-perl_1.032+dfsg-1.dsc
2ba44d9ff81253fee0c94401dafff1de51253948 935440
libimager-perl_1.032+dfsg.orig.tar.xz
9876fcaeb13578496363c36fd78f497a6251003f 13324
libimager-perl_1.032+dfsg-1.debian.tar.xz
Checksums-Sha256:
fa74b12ad3fc48c3456827d73028f4b2e43f250b86a61c65320ac4db5bb32c37 2659
libimager-perl_1.032+dfsg-1.dsc
f70c204df48350afe3385559020b999366038b70d47c3696094bc88f7585cd91 935440
libimager-perl_1.032+dfsg.orig.tar.xz
5e74a253da9eb1abd22950c23bdab72a6750742c6af6d5095af352c0aa79067c 13324
libimager-perl_1.032+dfsg-1.debian.tar.xz
Files:
9fca951a53d1aafdd9d7d91d3a01f8d4 2659 perl optional
libimager-perl_1.032+dfsg-1.dsc
3f1a6712da125d107e4033bc47c0d1f8 935440 perl optional
libimager-perl_1.032+dfsg.orig.tar.xz
bf190a2b64b135b3b7f5021a060e1710 13324 perl optional
libimager-perl_1.032+dfsg-1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEE0eExbpOnYKgQTYX6uzpoAYZJqgYFAmpL+AZfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEQx
RTEzMTZFOTNBNzYwQTgxMDREODVGQUJCM0E2ODAxODY0OUFBMDYACgkQuzpoAYZJ
qgai0BAAwU62myOiozIDDuAuvLy+zsW3pqwK+VbQyaaaxuftvV/0UWxD/SJl7hVd
XElJvHjfZDLegrdlm33/eGhhNvk7Xm6hxBiMFXpTVTGe/xyQD+KaIBrRLY7xfQJC
LTAnmd/vCLRZqVg1rXteGcxILNiEl9HPWsWp6tzqAEChaLKllvIEr8Q3MS101lTu
PaR7yznYQ6Y6udr1Kr10eV2eS1hekKfabhp5QK/zAXw3b5Xq7Wp3+n9bXBJNJFuZ
iXPbjcIFCKjiSHAgCWfL7Qq6Iet2hUqntfjVlmFYW1qypsbfQfrAZ/6Y7JQjZlmZ
0iZyFnFYh5XBP+juhAkQI9KHPl2nLDzvLDP564N6FciUMwCcl5yE3XXhsyzMgkJc
j2K+yABCgxsCur3bH+zWv07Rgc9CsZLjeKz1EFm6co2AJc6dzgOJe1hQ25Ugvjli
jSVTKw6uw2SjNuBdoDjLC3OdaGv8H9TAOUpM2CLBKD37M/3OzDR5tZG44VLKFDIn
lMxzGA1E3PNmy3SFFLX9rh8/zjeI24F2qVIOpvVXU0eIVTx6Troh9dIp3z/YvntK
WgXwU2xBY+WPlwbh7aB3ay5R8TMb5mXGcTuGmkKOikb1CBffXPgiJ2o9c7LvRJK0
r5YjOhaA685ovwA1UsHvoNEJ1rVTdaPfPnzVOXmmGe9B125lYp4=
=2OM4
-----END PGP SIGNATURE-----
pgpAFoFBGfrH7.pgp
Description: PGP signature
--- End Message ---