CVE-2026-14454
Last modified
CVE-2026-14454 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. Imager versions before 1.033 for Perl treat unsigned EXIF IFD entry counts as signed. Imager mishandled large EXIF IFD entry count values, treating them as negative numbers. This could lead to an attempt to allocate a block nearly the size of the address space, which fails and kills the process. An attacker could craft an image with EXIF data that terminates a worker process.. EPSS estimates a 0.18% chance of exploitation in the next 30 days.
Description
Imager versions before 1.033 for Perl treat unsigned EXIF IFD entry counts as signed. Imager mishandled large EXIF IFD entry count values, treating them as negative numbers. This could lead to an attempt to allocate a block nearly the size of the address space, which fails and kills the process. An attacker could craft an image with EXIF data that terminates a worker process.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
Source: CNA advisory (CVE.org). NVD analysis pending.
| Vendor | Product | Versions |
|---|---|---|
| TONYC | Imager | < 1.033 |
References
Timeline
- Published
- Last Modified
- Status
- Awaiting Analysis
Frequently Asked Questions
What is CVE-2026-14454?
How severe is CVE-2026-14454?
How do I fix CVE-2026-14454?
Related CVEs from 2026
- CVE-2026-14432Use after free in V8 in Google Chrome prior to 150.0.7871.46…8.8
- CVE-2026-14439A path traversal vulnerability exists in the Git Service com…9.4
- CVE-2026-1444A vulnerability has been found in iJason-Liu Books_Manager u…2.4
- CVE-2026-14440Description: To issue and renew TLS certificates on beha…7.6
- CVE-2026-14449u5CMS through v12.8.8 is vulnerable to reflected XSS via the…6.4
- CVE-2026-1445A vulnerability was found in iJason-Liu Books_Manager up to …4.7
- CVE-2026-14459Improper neutralization of argument delimiters in a command …8.8
- CVE-2026-1446There is a Cross‑Site Scripting (XSS) issue in Esri ArcGIS P…5
- CVE-2026-14460Missing Authorization vulnerability in TUBITAK BILGEM Softwa…8.8
- CVE-2026-14461mtr is vulnerable to Out-of-bound read vulnerability in ipin…5.1
- CVE-2026-14468HashiCorp Terraform Enterprise contained an issue in its ver…7.7
- CVE-2026-1447The Mail Mint plugin for WordPress is vulnerable to Cross-Si…5.4
Are you affected by CVE-2026-14454?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST
