CVE-2026-26740 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	8.2 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 23%

Affected Products (NVD)

Vendor	Product	Version
giflib_project	giflib	5.2.2

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

giflib

bookworm	vulnerable
bullseye	vulnerable
forky	6.1.3-1 fixed
sid	6.1.3-1 fixed
trixie	no-dsa

Ubuntu Releases

Ubuntu Product

Codename

giflib

bionic	deferred
focal	deferred
jammy	deferred
noble	deferred
questing	deferred
resolute	deferred
xenial	deferred

Amazon Linux Releases

Amazon Package

Release

giflib

Amazon Linux 2023

0:5.2.1-9.amzn2023.0.4

fixed

giflib-debuginfo

Amazon Linux 2023

0:5.2.1-9.amzn2023.0.4

fixed

giflib-debugsource

Amazon Linux 2023

0:5.2.1-9.amzn2023.0.4

fixed

giflib-devel

Amazon Linux 2023

0:5.2.1-9.amzn2023.0.4

fixed

giflib-utils

Amazon Linux 2023

0:5.2.1-9.amzn2023.0.4

fixed

giflib-utils-debuginfo

Amazon Linux 2023

0:5.2.1-9.amzn2023.0.4

fixed

Known Exploits!

https://github.com/zakkanijia/POC/blob/main/giflib/giftool/giflib_giftool_gce_len_heap_oobwrite_disclosure.md

Common Weakness Enumeration

CWE-787 - Out-of-bounds Write
The software writes data past the end, or before the beginning, of the intended buffer.

References

https://github.com/zakkanijia/POC/blob/main/giflib/giftool/giflib_giftool_gce_len_heap_oobwrite_disclosure.md