7
CVE-2026-23868
- EPSS 0.14%
- Veröffentlicht 10.03.2026 18:53:25
- Zuletzt bearbeitet 30.06.2026 03:17:34
- Quelle cve-assign@fb.com
- CVE-Watchlists
- Unerledigt
Giflib contains a double-free vulnerability that is the result of a shallow copy in GifMakeSavedImage and incorrect error handling. The conditions needed to trigger this vulnerability are difficult but may be possible.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Giflib Project ≫ Giflib Version >= 5.0.0 <= 6.1.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.14% | 0.041 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 5.1 | 1.4 | 3.6 |
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
|
| 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | 7 | 1 | 5.9 |
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
|
CWE-415 Double Free
The product calls free() twice on the same memory address.
CWE-825 Expired Pointer Dereference
The product dereferences a pointer that contains a location for memory that was previously valid, but is no longer valid.
https://www.facebook.com/security/advisories/cve-2026-23868
https://sourceforge.net/p/giflib/code/ci/f5b7267aed3665ef025c13823e454170d031c106/tree/gifalloc.c?diff=5146815377b7395944cb683a08c43eee3f631eb7
https://access.redhat.com/errata/RHSA-2026:16174
https://access.redhat.com/errata/RHSA-2026:16008
https://access.redhat.com/errata/RHSA-2026:16009
https://access.redhat.com/errata/RHSA-2026:16030
https://access.redhat.com/errata/RHSA-2026:19725
https://access.redhat.com/errata/RHSA-2026:19724
https://access.redhat.com/errata/RHSA-2026:25096
https://access.redhat.com/errata/RHSA-2026:19154
https://access.redhat.com/errata/RHSA-2026:19367
https://access.redhat.com/errata/RHSA-2026:8858
https://access.redhat.com/errata/RHSA-2026:8859
https://access.redhat.com/errata/RHSA-2026:8861
https://access.redhat.com/errata/RHSA-2026:8883
https://access.redhat.com/errata/RHSA-2026:8884
https://access.redhat.com/errata/RHSA-2026:8885
https://access.redhat.com/errata/RHSA-2026:8886
https://access.redhat.com/errata/RHSA-2026:8887
https://access.redhat.com/errata/RHSA-2026:9290
https://access.redhat.com/errata/RHSA-2026:9291
https://access.redhat.com/errata/RHSA-2026:9292
https://access.redhat.com/errata/RHSA-2026:9294
https://access.redhat.com/errata/RHSA-2026:9295
https://access.redhat.com/security/cve/CVE-2026-23868
https://bugzilla.redhat.com/show_bug.cgi?id=2446207
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-23868.json