Home

Description

Giflib contains a double-free vulnerability that is the result of a shallow copy in GifMakeSavedImage and incorrect error handling. The conditions needed to trigger this vulnerability are difficult but may be possible.

PUBLISHED Reserved 2026-01-16 | Published 2026-03-10 | Updated 2026-07-15 | Assigner Meta

Problem types

CWE-415: Double Free

Product status

Default status
affected

5.0.0 (semver)
affected

References

access.redhat.com/security/cve/CVE-2026-23868 vdb-entry

bugzilla.redhat.com/show_bug.cgi?id=2446207 (RHBZ#2446207) issue-tracking

security.access.redhat.com/...2/vex/2026/cve-2026-23868.json

access.redhat.com/errata/RHSA-2026:8883 vendor-advisory

access.redhat.com/errata/RHSA-2026:9290 vendor-advisory

access.redhat.com/errata/RHSA-2026:8858 vendor-advisory

access.redhat.com/errata/RHSA-2026:19154 vendor-advisory

access.redhat.com/errata/RHSA-2026:8861 vendor-advisory

access.redhat.com/errata/RHSA-2026:8884 vendor-advisory

access.redhat.com/errata/RHSA-2026:8885 vendor-advisory

access.redhat.com/errata/RHSA-2026:8887 vendor-advisory

access.redhat.com/errata/RHSA-2026:8886 vendor-advisory

access.redhat.com/errata/RHSA-2026:9291 vendor-advisory

access.redhat.com/errata/RHSA-2026:9292 vendor-advisory

access.redhat.com/errata/RHSA-2026:9295 vendor-advisory

access.redhat.com/errata/RHSA-2026:9294 vendor-advisory

access.redhat.com/errata/RHSA-2026:8859 vendor-advisory

access.redhat.com/errata/RHSA-2026:19367 vendor-advisory

access.redhat.com/errata/RHSA-2026:25096 vendor-advisory

access.redhat.com/errata/RHSA-2026:19724 vendor-advisory

access.redhat.com/errata/RHSA-2026:19725 vendor-advisory

access.redhat.com/errata/RHSA-2026:16008 vendor-advisory

access.redhat.com/errata/RHSA-2026:16030 vendor-advisory

access.redhat.com/errata/RHSA-2026:16009 vendor-advisory

access.redhat.com/errata/RHSA-2026:16174 vendor-advisory

www.facebook.com/security/advisories/cve-2026-23868

sourceforge.net/...=5146815377b7395944cb683a08c43eee3f631eb7

cve.org (CVE-2026-23868)

nvd.nist.gov (CVE-2026-23868)

Download JSON