CVE-2026-4985

NameCVE-2026-4985
DescriptionA vulnerability was identified in dloebl CGIF up to 0.5.2. This vulnerability affects the function cgif_addframe of the file src/cgif.c of the component GIF Image Handler. The manipulation of the argument width/height leads to integer overflow. The attack may be initiated remotely. The identifier of the patch is b0ba830093f4317a5d1f345715d2fa3cd2dab474. It is suggested to install a patch to address this issue.
SourceCVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs1132167

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
cgif (PTS)bookworm0.3.0-1vulnerable
trixie0.5.0-1vulnerable
forky, sid0.5.3-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
cgifsource(unstable)0.5.3-1unimportant1132167

Notes

https://github.com/dloebl/cgif/issues/110
https://github.com/dloebl/cgif/pull/112
https://github.com/dloebl/cgif/commit/a9ecd7a129f3f7177dfec3e0e7b48c87131ac410
No security impact per upstream
Search for package or bug name: Reporting problems