CVE-2026-23868 — Double Free in Giflib

CWE-415 — Double Free CWE-825 — Expired Pointer Dereference8 documents8 sources

Severity

5.1MEDIUMNVD

EPSS

0.0%

top 95.22%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Giflib Debian Giflib Msrc Azl3 Giflib 5.2.1-10 ON Azure Linux 3.0 +3 more

Timeline

PublishedMar 10

Description

Giflib contains a double-free vulnerability that is the result of a shallow copy in GifMakeSavedImage and incorrect error handling. The conditions needed to trigger this vulnerability are difficult but may be possible.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 1.4 | Impact: 3.6

Affected Packages6 packages

▶CVEListV5giflib/giflib5.0.0 — 6.1.1

▶debiandebian/giflib

▶msrcmsrc/azl3_giflib_5.2.1-10_on_azure_linux_3.0

▶msrcmsrc/cbl2_giflib_5.2.1-10_on_cbl_mariner_2.0

▶msrcmsrc/cbl2_tensorflow_2.11.1-2_on_cbl_mariner_2.0

🔴Vulnerability Details

OSV

CVE-2026-23868: Giflib contains a double-free vulnerability that is the result of a shallow copy in GifMakeSavedImage and incorrect error handling↗2026-03-10

▶

GHSA

GHSA-hq9h-682q-jg37: Giflib contains a double-free vulnerability that is the result of a shallow copy in GifMakeSavedImage and incorrect error handling↗2026-03-10

▶

📋Vendor Advisories

Red Hat

giflib: Giflib: Double-free vulnerability leading to memory corruption↗2026-03-10

▶

Microsoft

CVE-2026-23868: Mariner: Mariner Meta: Meta Customer Action Required: Yes Remediation: CBL-Mariner Releases Reference: https://learn↗2026-03-10

▶

Debian

CVE-2026-23868: giflib - Giflib contains a double-free vulnerability that is the result of a shallow copy...↗2026

▶

🕵️Threat Intelligence

Wiz

CVE-2026-23868 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶

💬Community

Bugzilla

CVE-2026-23868 giflib: Giflib: Double-free vulnerability leading to memory corruption [fedora-all]↗2026-03-10

▶