CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

CVE-2026-14454

criticalCVSS 9.8covered by 1 sourcefirst seen 2026-07-08
Imager versions before 1.033 for Perl treat unsigned EXIF IFD entry counts as signed. Imager mishandled large EXIF IFD entry count values, treating them as negative numbers. This could lead to an attempt to allocate a block nearly the size of the address space, which fails and kills the process. An attacker could craft an image with EXIF data that terminates a worker process.

⚡ Watch CVE-2026-14454

Get an email if CVE-2026-14454 is added to CISA KEV, gains public exploit code, or a new advisory cites it — max one per day, one-click unsubscribe.

Exploitation outlook

Advisory coverage (1)

External references

NVD record for CVE-2026-14454

CVE.org record

Embed the live status

CVE-2026-14454 live status badge — this badge updates automatically when the KEV or exploit status changes. How to embed it →

[![CVE-2026-14454 status](https://www.csirts.com/badge/CVE-2026-14454)](https://www.csirts.com/cve/CVE-2026-14454)