CVE-2024-53901

Severity: MEDIUM · EPSS 29.8%
Published Nov 24, 2024 (1y ago) · Modified Jun 17, 2026 (1w ago)
CVSS 3.1 base score 5.5 (Medium)

Description

The Imager package before 1.025 for Perl has a heap-based buffer overflow leading to denial of service, or possibly unspecified other impact, when the trim() method is called on a crafted input image.

CVSS Details

Base Score: 5.5 · Exploitability: 1.8 · Impact: 3.6
Vector string: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High

Threat Intelligence

EPSS Exploit Probability: 29.8% percentile
Exploit & Patch Status: Public Exploit Known · Patch Available

Weaknesses (2)

CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE-787 Out-of-bounds Write (Memory Safety)

Affected Products (1)

Vendor    Product   Version   Range
tonycoz   imager    *         <1.025

References (4)

  • github.com https://github.com/briandfoy/cpan-security-advisory/issues/167
    Issue Tracking, Patch
  • github.com https://github.com/briandfoy/cpan-security-advisory/issues/171
    Issue Tracking
  • github.com https://github.com/tonycoz/imager/issues/534
    Exploit, Issue Tracking
  • metacpan.org https://metacpan.org/release/TONYC/Imager-1.025/changes
    Release Notes

Remediation

  • github.com https://github.com/briandfoy/cpan-security-advisory/issues/167
    Issue Tracking, Patch