Actual images will not contain code. But there's nothing stopping someone from trying to get an "image" file uploaded, and then try and get it to execute.
Your interpreters (Perl, PHP, whatever) should be set up so that they only execute certain file types (i.e. .php or .php5). There's no reason Perl or PHP should be parsing image files.
Just use the following common sense to protect yourself:
1) Verify the mime type of the document
2) Enforce policies that only allow uploading files of a certain extension
3) Don't accept filenames at face value. Generate your own internal file name and use a database table to keep the mapping.
4) If you're truly paranoid, find some code to check that the byte signatures are valid for the given file type upload.