CVE-2026-26740 — Out-of-bounds Write in Project Giflib

CWE-787 — Out-of-bounds Write7 documents7 sources

Severity

8.2HIGHNVD

EPSS

0.1%

top 65.98%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Giflib Project Giflib

Timeline

PublishedMar 18

Description

Buffer Overflow vulnerability in giflib v.5.2.2 allows a remote attacker to cause a denial of service via the EGifGCBToExtension overwriting an existing Graphic Control Extension block without validating its allocated size.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:HExploitability: 3.9 | Impact: 4.2

Affected Packages1 packages

▶NVDgiflib_project/giflib5.2.2

🔴Vulnerability Details

GHSA

GHSA-g43h-fmhp-fvff: Buffer Overflow vulnerability in giflib v↗2026-03-18

▶

CVEList

CVE-2026-26740: Buffer Overflow vulnerability in giflib v↗2026-03-18

▶

OSV

CVE-2026-26740: Buffer Overflow vulnerability in giflib v↗2026-03-18

▶

📋Vendor Advisories

Red Hat

giflib: giflib: Denial of Service via buffer overflow in EGifGCBToExtension↗2026-03-18

▶

Debian

CVE-2026-26740: giflib - Buffer Overflow vulnerability in giflib v.5.2.2 allows a remote attacker to caus...↗2026

▶

🕵️Threat Intelligence

Wiz

CVE-2026-26740 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶