CVE-2026-23868

EUVD-2026-10794
Giflib contains a double-free vulnerability that is the result of a shallow copy in GifMakeSavedImage and incorrect error handling. The conditions needed to trigger this vulnerability are difficult but may be possible.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
MetaCNA
5.1 MEDIUM
LOCAL
HIGH
NONE
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
giflib_projectgiflib
5.0.0 ≤
𝑥
≤ 6.1.1
CNA
Debian logo
Debian Releases
Debian Product
Codename
giflib
bookworm
vulnerable
bullseye
vulnerable
forky
vulnerable
sid
vulnerable
trixie
vulnerable
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
giflib
bionic
needed
focal
needed
jammy
needed
noble
needed
questing
needed
resolute
needed
xenial
needed
Common Weakness Enumeration
References
https://sourceforge.net/p/giflib/code/ci/f5b7267aed3665ef025c13823e454170d031c106/tree/gifalloc.c?diff=5146815377b7395944cb683a08c43eee3f631eb7
https://www.facebook.com/security/advisories/cve-2026-23868