7

CVE-2026-23868

Giflib contains a double-free vulnerability that is the result of a shallow copy in GifMakeSavedImage and incorrect error handling. The conditions needed to trigger this vulnerability are difficult but may be possible.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Giflib ProjectGiflib Version >= 5.0.0 <= 6.1.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.14% 0.041
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.1 1.4 3.6
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
0b0ca135-0b70-47e7-9f44-1890c2a1c46c 7 1 5.9
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE-415 Double Free

The product calls free() twice on the same memory address.

CWE-825 Expired Pointer Dereference

The product dereferences a pointer that contains a location for memory that was previously valid, but is no longer valid.

https://www.facebook.com/security/advisories/cve-2026-23868
Third Party Advisory
https://sourceforge.net/p/giflib/code/ci/f5b7267aed3665ef025c13823e454170d031c106/tree/gifalloc.c?diff=5146815377b7395944cb683a08c43eee3f631eb7
Patch
https://access.redhat.com/errata/RHSA-2026:16174
https://access.redhat.com/errata/RHSA-2026:16008
https://access.redhat.com/errata/RHSA-2026:16009
https://access.redhat.com/errata/RHSA-2026:16030
https://access.redhat.com/errata/RHSA-2026:19725
https://access.redhat.com/errata/RHSA-2026:19724
https://access.redhat.com/errata/RHSA-2026:25096
https://access.redhat.com/errata/RHSA-2026:19154
https://access.redhat.com/errata/RHSA-2026:19367
https://access.redhat.com/errata/RHSA-2026:8858
https://access.redhat.com/errata/RHSA-2026:8859
https://access.redhat.com/errata/RHSA-2026:8861
https://access.redhat.com/errata/RHSA-2026:8883
https://access.redhat.com/errata/RHSA-2026:8884
https://access.redhat.com/errata/RHSA-2026:8885
https://access.redhat.com/errata/RHSA-2026:8886
https://access.redhat.com/errata/RHSA-2026:8887
https://access.redhat.com/errata/RHSA-2026:9290
https://access.redhat.com/errata/RHSA-2026:9291
https://access.redhat.com/errata/RHSA-2026:9292
https://access.redhat.com/errata/RHSA-2026:9294
https://access.redhat.com/errata/RHSA-2026:9295
https://access.redhat.com/security/cve/CVE-2026-23868
https://bugzilla.redhat.com/show_bug.cgi?id=2446207
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-23868.json