Security Advisories (1)
CVE-2026-13082 (2026-07-17)

GD::SecurityImage versions through 1.75 for Perl use rand to generate secrets. The random method creates the challenge text used for the CAPTCHA by sampling characters from an array using Perl's built-in rand function, and generates a (by default) six-character string. The built-in rand function is unsuitable for security applications because it is predictable and reversible.

Changes for version 1.75 - 2018-12-24

  • Drop legacy workarounds and documentation about those as well.
  • In relation to that, we now depend on relatively new versions of both GD & PerlMagick.
  • These methods are now also removed a from the backends as well: _versiongt _versionlt
  • Distro fix.

Examples