CVE-2026-14454

CVE-2026-14454 is a security vulnerability that is still awaiting full analysis and scoring. The underlying weakness is classified as CWE-196.

Key facts

Description

Imager versions before 1.033 for Perl treat unsigned EXIF IFD entry counts as signed. Imager mishandled large EXIF IFD entry count values, treating them as negative numbers. This could lead to an attempt to allocate a block nearly the size of the address space, which fails and kills the process. An attacker could craft an image with EXIF data that terminates a worker process.

Frequently asked questions

What is CVE-2026-14454?
Imager versions before 1.033 for Perl treat unsigned EXIF IFD entry counts as signed. Imager mishandled large EXIF IFD entry count values, treating them as negative numbers. This could lead to an attempt to allocate a block nearly the size of the address space, which fails and kills the process. An attacker could craft an image with EXIF data that terminates a worker process.
Is CVE-2026-14454 being actively exploited?
It is not currently listed in CISA's Known Exploited Vulnerabilities catalog, and no EPSS exploit-prediction score is available yet.
How do I fix CVE-2026-14454?
Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
When was CVE-2026-14454 published?
CVE-2026-14454 was published on 2026-07-08.

References

Other CWE-196 vulnerabilities

Browse all CWE-196 vulnerabilities →