CVE-2026-23868

Name: CVE-2026-23868
Description: Giflib contains a double-free vulnerability that is the result of a shallow copy in GifMakeSavedImage and incorrect error handling. The conditions needed to trigger this vulnerability are difficult but may be possible.
Source: CVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs: 1130495

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| giflib (PTS) | bullseye | 5.1.9-2 | vulnerable |
| | bookworm | 5.2.1-2.5 | vulnerable |
| | forky, sid, trixie | 5.2.2-1 | vulnerable |

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| giflib | source | (unstable) | (unfixed) | | | 1130495 |

Notes

https://www.facebook.com/security/advisories/cve-2026-23868
https://sourceforge.net/p/giflib/code/ci/f5b7267aed3665ef025c13823e454170d031c106/tree/gifalloc.c?diff=5146815377b7395944cb683a08c43eee3f631eb7
