CVE-2026-3031
Deferred Deferred - Pending Action

Outdated Epeg Library in Image::EPEG for Perl

Vulnerability report for CVE-2026-3031, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-16

Last updated on: 2026-07-16

Assigner: CPANSec

Description

Image::EPEG versions through 0.15 for Perl embeds an unsupported version of the Epeg library. Image::EPEG includes Epeg 0.9.0 that was last updated in 2004. Epeg is a fast JPEG thumbnail library that was once part of the Englightenment Project.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-16
Last Modified
2026-07-16
Generated
2026-07-16
AI Q&A
2026-07-16
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Currently, no data is known.

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-1104 The product relies on third-party components that are not actively supported or maintained by the original developer or a trusted proxy for the original developer.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-3031 is a vulnerability in the Image::EPEG Perl module through version 0.15. It embeds an outdated and unsupported version of the Epeg library (0.9.0 from 2004). The Epeg library is a fast JPEG thumbnail library originally part of the Enlightenment Project. The vulnerability stems from using an old, unmaintained library with known bugs and security flaws.

Detection Guidance

To detect this vulnerability, check if the Image::Epeg Perl module version 0.15 or earlier is installed on your system. Use commands like 'perl -MImage::Epeg -e "print $Image::Epeg::VERSION"' to verify the version. Additionally, inspect any applications that process JPEG images for use of this module.

Impact Analysis

This vulnerability allows attackers to execute arbitrary code or cause denial of service by tricking users into opening specially crafted JPEG image files. Since the Image::EPEG module lacks proper input validation, malicious images can trigger buffer overflows or memory corruption, potentially compromising systems that process untrusted images.

Compliance Impact

This vulnerability does not directly affect compliance with GDPR or HIPAA as it relates to a deprecated Perl module with known bugs and lack of maintenance. The issue involves memory corruption from improper bounds checking in image processing, which could lead to arbitrary code execution or denial of service if exploited. However, no evidence suggests direct impacts on data protection standards like GDPR or HIPAA.

Mitigation Strategies

Immediately remove or upgrade the Image::Epeg module to a non-vulnerable version. Avoid using this module entirely due to its deprecated status and known bugs. Replace it with a maintained alternative for JPEG processing. Ensure all image processing libraries are updated to the latest secure versions.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-3031. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart