CVE-2026-8669: Imager versions through 1.030 for Perl allow a heap out of bounds (OOB) write on crafted multi-frame GIF files

CVE-2026-8669: Imager versions through 1.030 for Perl allow a heap out of bounds (OOB) write on crafted multi-frame GIF files Timothy Legge 15 May 2026 13:39 UTC

========================================================================
CVE-2026-8669                                        CPAN Security Group
========================================================================

         CVE ID:  CVE-2026-8669
   Distribution:  Imager
       Versions:  through 1.030

       MetaCPAN:  https://metacpan.org/dist/Imager
       VCS Repo:  https://github.com/tonycoz/imager

Imager versions through 1.030 for Perl allow a heap out of bounds (OOB)
write on crafted multi-frame GIF files

Description
-----------
Imager versions through 1.030 for Perl allow a heap out of bounds (OOB)
write on crafted multi-frame GIF files.

Imager::File::GIF's i_readgif_multi_low allocates a single per-row
buffer GifRow sized for the GIF's global screen width 'SWidth' and
reuses it across every image in the file.

The page-match branch validates Image.Width + Image.Left > SWidth
before each DGifGetLine write, but the parallel skip-image branch at
imgif.c:790-805 calls DGifGetLine(GifFile, GifRow, Width) with no such
check.

Problem types
-------------
- CWE-787 Out-of-bounds Write

Solutions
---------
Upgrade to Imager 1.031.

References
----------
https://metacpan.org/release/TONYC/Imager-1.031/source/Changes
https://github.com/tonycoz/imager/commit/782e9c06cc75a0f7eed383f39522f51f44598b04.patch

Timeline
--------
- 2026-05-12: Issue identified
- 2026-05-13: Issue reported to maintainer
- 2026-05-14: Maintainer acknowledged the report
- 2026-05-15: Fixed version released