But frankly, I'd be content to trust the file name, and so would focus on the first reply above.
This may be a good idea when you can trust the data source, i.e. when you work with your own files. In a network context (CGI, mod_perl, e-mail, ...), relying on meta data (name, MIME type, ...) sent from a foreign computer opens a big security hole. The only safe way to verify a file in that context is to read it and test that it matches the specification. There are several modules on CPAN for that job. For images, Image::Size may be a good strating point.
Today I will gladly share my knowledge and experience, for there are no sweeter words than "I told you so". ;-)