Imager versions through 1.030 for Perl allow a heap out of bounds (OOB) write on crafted multi-frame GIF files

Description

Imager versions through 1.030 for Perl allow a heap out of bounds (OOB) write on crafted multi-frame GIF files. Imager::File::GIF's i_readgif_multi_low allocates a single per-row buffer GifRow sized for the GIF's global screen width 'SWidth' and reuses it across every image in the file. The page-match branch validates Image.Width + Image.Left > SWidth before each DGifGetLine write, but the parallel skip-image branch at imgif.c:790-805 calls DGifGetLine(GifFile, GifRow, Width) with no such check.

Affected Products

Vendor	Product	Versions
tony cook	imager	0

References

Related News (2 articles)

Tier C

oss-security15h ago

CVE-2026-8669: Imager versions through 1.030 for Perl allow a heap out of bounds (OOB) write on crafted multi-frame GIF files

→ No new info (linked only)

Tier C

VulDB18h ago

CVE-2026-8669 | TONYC Imager up to 1.030 on Perl imgif.c Imager::File::GIF out-of-bounds write

→ No new info (linked only)

CVSS 3.16.5 MEDIUM

VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CISA KEV❌ No

Actively exploited✅ Yes

Patch available

https://github.com/tonycoz/imager/commit/782e9c06cc75a0f7eed383f39522f51f44598b04.patch

CWECWE-787

PublishedMay 15, 2026

Last enriched18h agov2

Imager versions through 1.030 for Perl allow a heap out of bounds (OOB) write on crafted multi-frame GIF files

Description

Affected Products

References

Related News (2 articles)

Community Vote

Pin to Dashboard

Verification

Vulnerability Timeline

Version History