CVE-2026-26740 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	8.2 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 42%

Affected Products (NVD)

Vendor	Product	Version
giflib_project	giflib	5.2.2

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

giflib

bookworm	vulnerable
bullseye	vulnerable
forky	vulnerable
sid	vulnerable
trixie	vulnerable

Ubuntu Releases

Ubuntu Product

Codename

giflib

bionic	deferred
focal	deferred
jammy	deferred
noble	deferred
questing	deferred
resolute	deferred
xenial	deferred

Red Hat Enterprise Linux Releases

Red Hat Product

Release

java-25-openjdk

RHEL 9

1:25.0.3.0.9-1.el9

fixed

java-25-openjdk-crypto-adapter

RHEL 9

1:25.0.3.0.9-1.el9

fixed

java-25-openjdk-crypto-adapter-fastdebug

RHEL 9

1:25.0.3.0.9-1.el9

fixed

java-25-openjdk-crypto-adapter-slowdebug

RHEL 9

1:25.0.3.0.9-1.el9

fixed

java-25-openjdk-demo

RHEL 9

1:25.0.3.0.9-1.el9

fixed

java-25-openjdk-demo-fastdebug

RHEL 9

1:25.0.3.0.9-1.el9

fixed

java-25-openjdk-demo-slowdebug

RHEL 9

1:25.0.3.0.9-1.el9

fixed

java-25-openjdk-devel

RHEL 9

1:25.0.3.0.9-1.el9

fixed

java-25-openjdk-devel-fastdebug

RHEL 9

1:25.0.3.0.9-1.el9

fixed

java-25-openjdk-devel-slowdebug

RHEL 9

1:25.0.3.0.9-1.el9

fixed

java-25-openjdk-fastdebug

RHEL 9

1:25.0.3.0.9-1.el9

fixed

java-25-openjdk-headless

RHEL 9

1:25.0.3.0.9-1.el9

fixed

java-25-openjdk-headless-fastdebug

RHEL 9

1:25.0.3.0.9-1.el9

fixed

java-25-openjdk-headless-slowdebug

RHEL 9

1:25.0.3.0.9-1.el9

fixed

java-25-openjdk-javadoc

RHEL 9

1:25.0.3.0.9-1.el9

fixed

java-25-openjdk-javadoc-zip

RHEL 9

1:25.0.3.0.9-1.el9

fixed

java-25-openjdk-jmods

RHEL 9

1:25.0.3.0.9-1.el9

fixed

java-25-openjdk-jmods-fastdebug

RHEL 9

1:25.0.3.0.9-1.el9

fixed

java-25-openjdk-jmods-slowdebug

RHEL 9

1:25.0.3.0.9-1.el9

fixed

java-25-openjdk-slowdebug

RHEL 9

1:25.0.3.0.9-1.el9

fixed

java-25-openjdk-src

RHEL 9

1:25.0.3.0.9-1.el9

fixed

java-25-openjdk-src-fastdebug

RHEL 9

1:25.0.3.0.9-1.el9

fixed

java-25-openjdk-src-slowdebug

RHEL 9

1:25.0.3.0.9-1.el9

fixed

java-25-openjdk-static-libs

RHEL 9

1:25.0.3.0.9-1.el9

fixed

java-25-openjdk-static-libs-fastdebug

RHEL 9

1:25.0.3.0.9-1.el9

fixed

java-25-openjdk-static-libs-slowdebug

RHEL 9

1:25.0.3.0.9-1.el9

fixed

Known Exploits!

https://github.com/zakkanijia/POC/blob/main/giflib/giftool/giflib_giftool_gce_len_heap_oobwrite_disclosure.md

Common Weakness Enumeration

CWE-787 - Out-of-bounds Write
The software writes data past the end, or before the beginning, of the intended buffer.

References

https://github.com/zakkanijia/POC/blob/main/giflib/giftool/giflib_giftool_gce_len_heap_oobwrite_disclosure.md