CVE-2026-13708

Imager::File::JPEG versions before 1.003 for Perl leak heap memory when reading a JPEG with repeated APP13 markers in i_readjpeg_wiol. i_readjpeg_wiol walks the marker list libjpeg returns and, for each APP13 marker, allocates a new buffer with *iptc_itext = mymalloc(...) and overwrites the previous pointer without freeing it. Only the final payload is later turned into a Perl scalar and freed, so a JPEG with N such markers leaks the first N-1 payloads on every read. In a long-lived process, such as an upload or thumbnailing service, repeated reads accumulate these leaks and exhaust available memory, a denial of service. The same handler ships bundled in the Imager distribution, where versions before 1.032 are affected and the fix ships in 1.032.
Configurations

No configuration.

History

06 Jul 2026, 19:16

Type Values Removed Values Added
References
  • () http://www.openwall.com/lists/oss-security/2026/07/06/4 -
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.5

06 Jul 2026, 13:16

Type Values Removed Values Added
New CVE

Information

Published : 2026-07-06 13:16

Updated : 2026-07-06 19:16


NVD link : CVE-2026-13708

Mitre link : CVE-2026-13708

CVE.ORG link : CVE-2026-13708


JSON object : View

Products Affected

No product.

CWE
CWE-401

Missing Release of Memory after Effective Lifetime