Critical EXIF Handling Vulnerability in Fedora Perl-Imager

Critical EXIF Handling Vulnerability in Fedora Perl-Imager

First seen 16 Jul 2026, 09:23 UTC Linuxsecurity 95% similarity 70.5

Article Content

Browse articles
ThreatCluster

A critical vulnerability, CVE-2026-14454, was published on July 8, 2026, affecting the Perl-Imager library in Fedora systems. This vulnerability mishandles large EXIF IFD entry count values, treating them as negative numbers, which could lead to allocation failures and program crashes. The issue impacts users of Fedora 43 and Fedora 44, requiring immediate updates to mitigate potential exploitation. The vulnerability was introduced in Imager version 1.021 and has been fixed in version 1.033. Users are advised to upgrade using the 'dnf' package manager to ensure system security. The fix addresses memory leaks in the bumpmap filters and TIFF processing as well. The current status is that the patch is available and should be applied promptly.

Key Points: • CVE-2026-14454 affects Fedora 43 and 44 due to EXIF handling issues. • The vulnerability can cause allocation failures and program exits. • Users are urged to upgrade to Perl-Imager version 1.033 to mitigate risks.

ThreatCluster AI

Timeline

2026-07-07
Patch released for Perl-Imager
Version 1.033 of Perl-Imager was released to fix CVE-2026-14454 and other memory leaks.
Linuxsecurity
2026-07-08
CVE-2026-14454 published
A critical vulnerability in Perl-Imager was disclosed, affecting EXIF handling.
Linuxsecurity
Recent
Users advised to upgrade
Fedora users are urged to apply the patch using 'dnf' to prevent potential crashes.
Linuxsecurity

Community

Browse all →