CVE-2026-23868

high

Description

Giflib contains a double-free vulnerability that is the result of a shallow copy in GifMakeSavedImage and incorrect error handling. The conditions needed to trigger this vulnerability are difficult but may be possible.

References

https://www.facebook.com/security/advisories/cve-2026-23868

https://sourceforge.net/p/giflib/code/ci/f5b7267aed3665ef025c13823e454170d031c106/tree/gifalloc.c?diff=5146815377b7395944cb683a08c43eee3f631eb7

https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-23868.json

https://bugzilla.redhat.com/show_bug.cgi?id=2446207

https://access.redhat.com/security/cve/CVE-2026-23868

https://access.redhat.com/errata/RHSA-2026:9295

https://access.redhat.com/errata/RHSA-2026:9294

https://access.redhat.com/errata/RHSA-2026:9292

https://access.redhat.com/errata/RHSA-2026:9291

https://access.redhat.com/errata/RHSA-2026:9290

https://access.redhat.com/errata/RHSA-2026:8887

https://access.redhat.com/errata/RHSA-2026:8886

https://access.redhat.com/errata/RHSA-2026:8885

https://access.redhat.com/errata/RHSA-2026:8884

https://access.redhat.com/errata/RHSA-2026:8883

https://access.redhat.com/errata/RHSA-2026:8861

https://access.redhat.com/errata/RHSA-2026:8859

https://access.redhat.com/errata/RHSA-2026:8858

https://access.redhat.com/errata/RHSA-2026:25096

https://access.redhat.com/errata/RHSA-2026:19725

https://access.redhat.com/errata/RHSA-2026:19724

https://access.redhat.com/errata/RHSA-2026:19367

https://access.redhat.com/errata/RHSA-2026:19154

https://access.redhat.com/errata/RHSA-2026:16174

https://access.redhat.com/errata/RHSA-2026:16030

https://access.redhat.com/errata/RHSA-2026:16009

https://access.redhat.com/errata/RHSA-2026:16008

Details

Source: Mitre, NVD

Published: 2026-03-10

Updated: 2026-06-30

Risk Information

CVSS v2

Base Score: 6.2

Vector: CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C

Severity: Medium

CVSS v3

Base Score: 7

Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.00018