Imager for Perl versions through 1.030 contain a heap out-of-bounds write vulnerability in multi-frame GIF processing. The flaw exists in `Imager::File::GIF`'s `i_readgif_multi_low` function, which allocates a single row buffer (`GifRow`) sized to the GIF's global screen width (`SWidth`) and reuses it across all images in the file. While the page-match branch validates `Image.Width + Image.Left > SWidth` [truncated]
CVE-2026-8454 is a medium-severity memory corruption issue in Imager::File::GIF for Perl. According to the NVD record and linked project patch, crafted multi-frame GIF files can reach a heap out-of-bounds write in the reader’s skip-image path because a bounds check present in the page-match branch was not applied there. The fix is available in Imager-File-GIF 1.003.