Source: libimager-perl
Version: 1.032+dfsg-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerability was published for libimager-perl.

CVE-2026-14454[0]:
| Imager versions before 1.033 for Perl treat unsigned EXIF IFD entry
| counts as signed.  Imager mishandled large EXIF IFD entry count
| values, treating them as negative numbers.  This could lead to an
| attempt to allocate a block nearly the size of the address space,
| which fails and kills the process.  An attacker could craft an image
| with EXIF data that terminates a worker process.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2026-14454
    https://www.cve.org/CVERecord?id=CVE-2026-14454
[1] https://lists.security.metacpan.org/cve-announce/msg/41637674/

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

Reply via email to