CVE-2026-23868
published 2026-03-10
Priority P4 · 19 · medium · 5.1 (CVSS 3.1)
AV:L / AC:H / PR:N / UI:N / S:U / C:N / I:N / A:H
EPSS: 0.14% (4.1th percentile)
Giflib contains a double-free vulnerability that is the result of a shallow copy in GifMakeSavedImage and incorrect error handling. The conditions needed to trigger this vulnerability are difficult but may be possible.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | giflib | — | — |
| giflib | giflib | 5.0.0 – 6.1.1 | — |
| giflib_project | giflib | 5.0.0 – 6.1.1 | — |
| msrc | azl3_giflib_5.2.1-10_on_azure_linux_3.0 | — | — |
| msrc | azl3_tensorflow_2.16.1-11_on_azure_linux_3.0 | — | — |
| msrc | cbl2_giflib_5.2.1-10_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_tensorflow_2.11.1-2_on_cbl_mariner_2.0 | — | — |
CVSS provenance
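| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.1 | MEDIUM | CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H |
| osv | — | 5.1 | MEDIUM | — |
| vendor_msrc | — | 7.0 | HIGH | — |
| vendor_debian | — | 5.1 | MEDIUM | — |
| vendor_redhat | — | 5.1 | MEDIUM | — |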
OSV
CVE-2026-23868: Giflib contains a double-free vulnerability that is the result of a shallow copy in GifMakeSavedImage and incorrect error handling
osv·2026-03-10·CVSS 5.1
CVE-2026-23868 [MEDIUM] CVE-2026-23868: Giflib contains a double-free vulnerability that is the result of a shallow copy in GifMakeSavedImage and incorrect error handling
GHSA
GHSA-hq9h-682q-jg37: Giflib contains a double-free vulnerability that is the result of a shallow copy in GifMakeSavedImage and incorrect error handling
ghsa_unreviewed·2026-03-10
CVE-2026-23868 [MEDIUM] CWE-415 GHSA-hq9h-682q-jg37: Giflib contains a double-free vulnerability that is the result of a shallow copy in GifMakeSavedImage and incorrect error handling
Red Hat
giflib: Giflib: Double-free vulnerability leading to memory corruption
vendor_redhat·2026-03-10·CVSS 5.1
CVE-2026-23868 [MEDIUM] CWE-825 giflib: Giflib: Double-free vulnerability leading to memory corruption
A flaw was found in giflib. This double-free vulnerability, caused by a shallow copy in GifMakeSavedImage and incorrect error handling, may allow an attacker to corrupt memory. While difficult to trigger, successful exploitation could potentially lead to arbitrary code execution or a denial of service.
Mitigation: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to
Microsoft
CVE-2026-23868: Mariner: Mariner
vendor_msrc·2026-03-10·CVSS 7.0
CVE-2026-23868 [MEDIUM] CVE-2026-23868: Mariner: Mariner
Mariner: Mariner
Meta: Meta
Customer Action Required: Yes
Remediation: CBL-Mariner Releases
Reference: https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
Debian
CVE-2026-23868: giflib - Giflib contains a double-free vulnerability that is the result of a shallow copy...
vendor_debian·2026·CVSS 5.1
CVE-2026-23868 [MEDIUM] CVE-2026-23868: giflib - Giflib contains a double-free vulnerability that is the result of a shallow copy...
Scope: local
bookworm: open
bullseye: open
forky: open
sid: open
trixie: open
No detection rules found.
No public exploits indexed.
Wiz
CVE-2026-23868 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.8
CVE-2026-23868 [HIGH] CVE-2026-23868 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2026-23868: CBL Mariner vulnerability analysis and mitigation
Source: NVD
Score: 5.1
Published: March 10, 2026
Severity: MEDIUM
CNA Score: 5.1
Affected Technologies: CBL Mariner, Linux Debian
Has Public Exploit: No
Has CISA KEV Exploit: No
CISA KEV Release Date: N/A
CISA KEV Due Date: N/A
Exploitation Probability Percentile (EPSS): 4.1
Exploitation Probability (EPSS): N/A
Affected packages and libraries: mingw64-giflib-debuginfo, giflib-debugsource
Sources
NVD
CBL-Mariner 2.0, 3.0 Severity HIGH Has Fix Added at: Mar 14, 2026
Debian 11, 12, 13, 14 Seve
Bugzilla
CVE-2026-23868 giflib: Giflib: Double-free vulnerability leading to memory corruption
bugzilla·2026-03-10·CVSS 5.1
CVE-2026-23868 [MEDIUM] CVE-2026-23868 giflib: Giflib: Double-free vulnerability leading to memory corruption
Discussion:
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8.2 Advanced Update Support
Via RHSA-2026:8884 https://access.redhat.com/errata/RHSA-2026:8884
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 10
Via RHSA-2026:8858 https://access.redhat.com/errata/RHSA-2026:8858
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions
Red Hat Enterp
Bugzilla
CVE-2026-23868 giflib: Giflib: Double-free vulnerability leading to memory corruption [fedora-all]
bugzilla·2026-03-10·CVSS 5.1
CVE-2026-23868 [MEDIUM] CVE-2026-23868 giflib: Giflib: Double-free vulnerability leading to memory corruption [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
Discussion:
FEDORA-2026-6ea5f04bb9 (giflib-5.2.2-9.fc42) has been submitted as an update to Fedora 42.
https://bodhi.fedoraproject.org/updates/FEDORA-2026-6ea5f04bb9
---
FEDORA-2026-758ce76ef6 (giflib-6.1.2-1.fc44) has been submitted as an update to Fedora 44.
https://bodhi.fedoraproject.org/updates/FEDORA-2026-758ce76ef6
---
FEDORA-2026-c260342365 (giflib-5.2.2-9.fc43) has been submitted as an update to Fedora 43.
https://bodhi.fedoraproject.org/updates/FEDORA-2026
https://sourceforge.net/p/giflib/code/ci/f5b7267aed3665ef025c13823e454170d031c106/tree/gifalloc.c?diff=5146815377b7395944cb683a08c43eee3f631eb7
https://www.facebook.com/security/advisories/cve-2026-23868
https://access.redhat.com/errata/RHSA-2026:16008
https://access.redhat.com/errata/RHSA-2026:16009
https://access.redhat.com/errata/RHSA-2026:16030
https://access.redhat.com/errata/RHSA-2026:16174
https://access.redhat.com/errata/RHSA-2026:19154
https://access.redhat.com/errata/RHSA-2026:19367
https://access.redhat.com/errata/RHSA-2026:19724
https://access.redhat.com/errata/RHSA-2026:19725
https://access.redhat.com/errata/RHSA-2026:25096
https://access.redhat.com/errata/RHSA-2026:8858
https://access.redhat.com/errata/RHSA-2026:8859
https://access.redhat.com/errata/RHSA-2026:8861
https://access.redhat.com/errata/RHSA-2026:8883
https://access.redhat.com/errata/RHSA-2026:8884
https://access.redhat.com/errata/RHSA-2026:8885
https://access.redhat.com/errata/RHSA-2026:8886
https://access.redhat.com/errata/RHSA-2026:8887
https://access.redhat.com/errata/RHSA-2026:9290
https://access.redhat.com/errata/RHSA-2026:9291
https://access.redhat.com/errata/RHSA-2026:9292
https://access.redhat.com/errata/RHSA-2026:9294
https://access.redhat.com/errata/RHSA-2026:9295
https://access.redhat.com/security/cve/CVE-2026-23868
https://bugzilla.redhat.com/show_bug.cgi?id=2446207
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-23868.json
Published: 2026-03-10