Imager would search the default current directory entry in @INC when searching for file format support modules.

• https://metacpan.org/dist/Imager/changes
• http://www.nntp.perl.org/group/perl.perl5.porters/2016/07/msg238271.html
• http://www.securitytracker.com/id/1036440
• http://perl5.git.perl.org/perl.git/commit/cee96d52c39b1e7b36e1c62d38bcd8d86e9a41ab
• https://rt.perl.org/Public/Bug/Display.html?id=127834
• http://www.securityfocus.com/bid/92136
• http://www.debian.org/security/2016/dsa-3628
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DOFRQWJRP2NQJEYEWOMECVW3HAMD5SYN/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TZBNQH3DMI7HDELJAZ4TFJJANHXOEDWH/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2FBQOCV3GBAN2EYZUM3CFDJ4ECA3GZOK/
• https://security.gentoo.org/glsa/201701-75
• https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c@%3Cannounce.apache.org%3E
• https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html
• https://security.gentoo.org/glsa/201812-07
• http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html

When drawing on an image with an alpha channel where the source minimum is greater than zero, Imager would read from beyond the end of a malloc() allocated buffer. In rare circumstances this could lead to some of the source image not being written to the target image, or possibly to a segmentation fault.

• https://metacpan.org/dist/Imager/changes

Heap-based buffer overflow in the BMP reader (bmp.c) in Imager perl module (libimager-perl) 0.45 through 0.56 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted 8-bit/pixel compressed BMP files.

• http://imager.perl.org/a/65.html
• http://rt.cpan.org/Public/Bug/Display.html?id=26811
• http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=421582
• http://www.debian.org/security/2008/dsa-1498
• http://www.securityfocus.com/bid/23711
• http://secunia.com/advisories/25038
• http://secunia.com/advisories/28868
• http://osvdb.org/39846
• http://www.vupen.com/english/advisories/2007/1587
• http://osvdb.org/35470
• https://exchange.xforce.ibmcloud.com/vulnerabilities/34010

Imager (libimager-perl) before 0.50 allows user-assisted attackers to cause a denial of service (segmentation fault) by writing a 2- or 4-channel JPEG image (or a 2-channel TGA image) to a scalar, which triggers a NULL pointer dereference.

• http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=359661
• http://rt.cpan.org/Public/Bug/Display.html?id=18397
• http://secunia.com/advisories/19575
• http://secunia.com/advisories/19577
• http://www.debian.org/security/2006/dsa-1028
• http://www.securityfocus.com/bid/17415
• http://www.vupen.com/english/advisories/2006/1294
• https://exchange.xforce.ibmcloud.com/vulnerabilities/25717
• http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=359661
• http://rt.cpan.org/Public/Bug/Display.html?id=18397
• http://secunia.com/advisories/19575
• http://secunia.com/advisories/19577
• http://www.debian.org/security/2006/dsa-1028
• http://www.securityfocus.com/bid/17415
• http://www.vupen.com/english/advisories/2006/1294
• https://exchange.xforce.ibmcloud.com/vulnerabilities/25717

"invalid next size" backtrace on use of trim on certain images

• https://metacpan.org/dist/Imager/changes
• https://github.com/tonycoz/imager/issues/534