Primary

Context

Imager::File::GIF Heap Buffer Overflow Vulnerability Allowing Out-of-Bounds Write

Vulnerability

A heap buffer overflow vulnerability has been identified in Imager::File::GIF, all versions prior to 1.003, for Perl. This vulnerability allows an out-of-bounds write on crafted multi-frame GIF files. The issue arises in the 'i_readgif_multi_low' function, which allocates a single buffer per row sized for the GIF's global screen width. This buffer is reused across every image in the file. While the page-match branch includes a validation check before writing each line, the parallel skip-image branch fails to perform this check, allowing for the buffer overflow.

Impact

Exploitation of this vulnerability leads to a heap buffer overflow, which can commonly result in arbitrary code execution or a denial-of-service condition.

Remediation

Users can upgrade to Imager::File::GIF version 1.003 to address this vulnerability.

Added: May 15, 2026, 12:32 PM

Updated: May 15, 2026, 12:32 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

8.1

remediation

0.0

relevance

8.4

threat

3.2

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

8.1

remediation

0.0

relevance

8.4

threat

3.2

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Imager::File::GIF Heap Buffer Overflow Vulnerability Allowing Out-of-Bounds Write

Vulnerability

Impact

Remediation

Affected Products

Imager::File::GIF

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating