CVE-2026-33156 | THREATINT

Description

ScreenToGif is a screen recording tool. In versions from 2.42.1 and prior, ScreenToGif is vulnerable to DLL sideloading via version.dll . When the portable executable is run from a user-writable directory, it loads version.dll from the application directory instead of the Windows System32 directory, allowing arbitrary code execution in the user's context. This is especially impactful because ScreenToGif is primarily distributed as a portable application intended to be run from user-writable locations. At time of publication, there are no publicly available patches.

PUBLISHED Reserved 2026-03-17 | Published 2026-03-20 | Updated 2026-03-27 | Assigner GitHub_M

HIGH: 7.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Problem types

CWE-426: Untrusted Search Path

CWE-427: Uncontrolled Search Path Element

Product status

<= 2.42.1

affected

References

github.com/...nToGif/security/advisories/GHSA-3fmj-j696-9mg2 exploit

github.com/...nToGif/security/advisories/GHSA-3fmj-j696-9mg2

cve.org (CVE-2026-33156)

nvd.nist.gov (CVE-2026-33156)

Download JSON