8.2

CVE-2026-26740

Exploit
Buffer Overflow vulnerability in giflib v.5.2.2 allows a remote attacker to cause a denial of service via the EGifGCBToExtension overwriting an existing Graphic Control Extension block without validating its allocated size.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Giflib ProjectGiflib Version5.2.2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.62% 0.452
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.2 3.9 4.2
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
0b0ca135-0b70-47e7-9f44-1890c2a1c46c 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://bugzilla.redhat.com/show_bug.cgi?id=2448747
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-26740.json
https://github.com/zakkanijia/POC/blob/main/giflib/giftool/giflib_giftool_gce_len_heap_oobwrite_disclosure.md
Third Party Advisory
Exploit
https://access.redhat.com/errata/RHSA-2026:33447
https://access.redhat.com/errata/RHSA-2026:33450
https://access.redhat.com/errata/RHSA-2026:33451
https://access.redhat.com/errata/RHSA-2026:33452
https://access.redhat.com/errata/RHSA-2026:33455
https://access.redhat.com/errata/RHSA-2026:33456
https://access.redhat.com/errata/RHSA-2026:33501
https://access.redhat.com/errata/RHSA-2026:33502
https://access.redhat.com/errata/RHSA-2026:33503
https://access.redhat.com/errata/RHSA-2026:33509
https://access.redhat.com/errata/RHSA-2026:36004
https://access.redhat.com/errata/RHSA-2026:36005
https://access.redhat.com/errata/RHSA-2026:36006
https://access.redhat.com/security/cve/CVE-2026-26740