CVE-2026-23868 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	5.1 MEDIUM	LOCAL	HIGH	NONE	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 5%

Affected Products (NVD)

Vendor	Product	Version
giflib_project	giflib	5.0.0 ≤ 𝑥 ≤ 6.1.1

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

giflib

bookworm	vulnerable
bullseye	vulnerable
forky	6.1.3-1 fixed
sid	6.1.3-1 fixed
trixie	vulnerable

Ubuntu Releases

Ubuntu Product

Codename

giflib

bionic	needed
focal	needed
jammy	needed
noble	needed
questing	needed
resolute	needed
xenial	needed

openSUSE / SLES Releases

openSUSE Product

Release

giflib-devel

suse enterprise desktop 15 SP7	5.2.2-150000.4.19.1 fixed
suse enterprise sap 15 SP7	5.2.2-150000.4.19.1 fixed
suse enterprise server 15 SP4	5.2.2-150000.4.19.1 fixed
suse enterprise server 15 SP7	5.2.2-150000.4.19.1 fixed

giflib-progs

suse enterprise server 12 SP3

5.0.6-13.12.1

fixed

libgif6

suse enterprise server 12 SP3

5.0.6-13.12.1

fixed

libgif6-32bit

suse enterprise server 12 SP3

5.0.6-13.12.1

fixed

libgif7

suse enterprise desktop 15 SP7	5.2.2-150000.4.19.1 fixed
suse enterprise sap 15 SP7	5.2.2-150000.4.19.1 fixed
suse enterprise server 15 SP4	5.2.2-150000.4.19.1 fixed
suse enterprise server 15 SP7	5.2.2-150000.4.19.1 fixed

Red Hat Enterprise Linux Releases

Red Hat Product

Release

giflib

RHEL 8	0:5.1.4-4.el8_10 fixed
RHEL 9	0:5.2.1-9.el9_7.1 fixed

giflib-devel

RHEL 8	0:5.1.4-4.el8_10 fixed
RHEL 9	0:5.2.1-9.el9_7.1 fixed

Amazon Linux Releases

Amazon Package

Release

giflib

Amazon Linux 2	0:4.1.6-9.amzn2.0.5 fixed
Amazon Linux 2023	0:5.2.1-9.amzn2023.0.3 fixed

giflib-debuginfo

Amazon Linux 2	0:4.1.6-9.amzn2.0.5 fixed
Amazon Linux 2023	0:5.2.1-9.amzn2023.0.3 fixed

giflib-debugsource

Amazon Linux 2023

0:5.2.1-9.amzn2023.0.3

fixed

giflib-devel

Amazon Linux 2	0:4.1.6-9.amzn2.0.5 fixed
Amazon Linux 2023	0:5.2.1-9.amzn2023.0.3 fixed

giflib-utils

Amazon Linux 2	0:4.1.6-9.amzn2.0.5 fixed
Amazon Linux 2023	0:5.2.1-9.amzn2023.0.3 fixed

giflib-utils-debuginfo

Amazon Linux 2023

0:5.2.1-9.amzn2023.0.3

fixed

Azure Linux Releases

Azure Package

Release

giflib

Azure Linux 3.0	0:5.2.1-11.azl3 fixed
CBL-Mariner 2.0	0:5.2.1-11.cm2 fixed

Common Weakness Enumeration

CWE-415 - Double Free
The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

Vulnerability Media Exposure

[GERMAN] Red Hat Enterprise Linux (giflib): Schwachstelle ermöglicht Codeausführung oder DoS
Ein lokaler Angreifer kann eine Schwachstelle in der giflib Komponente in Red Hat Enterprise Linux ausnutzen, um den Speicher zu beschädigen, was möglicherweise zu einem Denial-of-Service-Zustand oder zur Ausführung von beliebigem Code führen kann.
Published: 2026-04-19T22:00:00+00:00

References

https://sourceforge.net/p/giflib/code/ci/f5b7267aed3665ef025c13823e454170d031c106/tree/gifalloc.c?diff=5146815377b7395944cb683a08c43eee3f631eb7

https://www.facebook.com/security/advisories/cve-2026-23868