CVE-2026-8669

Source
https://cve.org/CVERecord?id=CVE-2026-8669
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-8669.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-8669
Downstream
Published
2026-05-15T13:31:14.449Z
Modified
2026-07-08T08:13:52.294531112Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVSS Calculator
Summary
Imager versions through 1.030 for Perl allow a heap out of bounds (OOB) write on crafted multi-frame GIF files
Details

Imager versions through 1.030 for Perl allow a heap out of bounds (OOB) write on crafted multi-frame GIF files.

Imager::File::GIF's ireadgifmulti_low allocates a single per-row buffer GifRow sized for the GIF's global screen width 'SWidth' and reuses it across every image in the file.

The page-match branch validates Image.Width + Image.Left > SWidth before each DGifGetLine write, but the parallel skip-image branch at imgif.c:790-805 calls DGifGetLine(GifFile, GifRow, Width) with no such check.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/8xxx/CVE-2026-8669.json",
    "cna_assigner": "CPANSec",
    "cwe_ids": [
        "CWE-787"
    ]
}
References

Affected packages

Git / github.com/tonycoz/imager

Affected ranges

Type
GIT
Repo
https://github.com/tonycoz/imager
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed
Database specific
{
    "source": [
        "DESCRIPTION",
        "REFERENCES"
    ],
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.030"
        }
    ]
}

Affected versions

Imager-0.*
Imager-0.49
Imager-0.51_01
Imager-0.51_02
Imager-0.52
Imager-0.53
Imager-0.55
Imager-0.58
Imager-0.59
Imager-0.60
Imager-0.61
Imager-0.63
Imager-0.65
Imager-0.71
Imager-0.72
Imager-0.75
Imager-0.76
Imager-0.77
Imager-0.78
Imager-0.79
Imager-0.80
Imager-0.81
Imager-0.82
Other
Imager-0_38
Imager-0_38pre9
v0.*
v0.82_01
v0.83
v0.84
v0.84_01
v0.84_02
v0.85
v0.85_01
v0.85_02
v0.86
v0.87
v0.88
v0.89
v0.90
v0.91
v0.92
v0.93
v0.94
v0.94_01
v0.94_02
v0.95
v0.96
v0.96_01
v0.96_02
v0.97
v0.98
v0.99
v0.99_01
v0.99_02
v1.*
v1.000
v1.001
v1.002
v1.003
v1.004
v1.004_001
v1.004_002
v1.004_003
v1.004_004
v1.005
v1.006
v1.007
v1.008
v1.009
v1.010
v1.011
v1.012
v1.013
v1.014
v1.015
v1.016
v1.017
v1.018
v1.019
v1.020
v1.021
v1.022
v1.023
v1.024
v1.025
v1.026
v1.027
v1.028
v1.029
v1.030

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-8669.json"