| Package | giflib |
|---|---|
| Version | 5.1.4-0.4+deb9u2 (stretch), 5.1.4-3+deb10u2 (buster) |
| Related CVEs | CVE-2026-23868 CVE-2026-26740 |
Two vulnerabilities have been found in giflib, a package of portable tools and library routines for working with GIF images, potentially allowing denial of service.
CVE-2026-23868
Giflib contains a double-free vulnerability resulting from a shallow copy in GifMakeSavedImage combined with incorrect error handling. The conditions needed to trigger this vulnerability are difficult to meet but may be achievable.
CVE-2026-26740
A buffer overflow vulnerability in giflib v5.2.2 allows a remote attacker to cause a denial of service: EGifGCBToExtension overwrites an existing Graphic Control Extension block without validating the block's allocated size.
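As an added illustration that is not part of this advisory or of giflib's own code, the following shows the missing check: a size-validated write of a Graphics Control Block into an existing extension block. The struct layouts mirror giflib's GraphicsControlBlock and ExtensionBlock (an assumption, not copied from the library), and the four payload bytes follow the GIF89a Graphic Control Extension layout.

```c
/* Constructed example: size-checked GCB write. Struct layouts are assumed
 * stand-ins for giflib's GraphicsControlBlock / ExtensionBlock. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define GCB_LEN 4                  /* GCE payload is always four bytes */
#define NO_TRANSPARENT_COLOR (-1)
#define GRAPHICS_EXT_FUNC_CODE 0xf9

typedef struct { int DisposalMode; bool UserInputFlag; int DelayTime; int TransparentColor; } GraphicsControlBlock;
typedef struct { int ByteCount; uint8_t *Bytes; int Function; } ExtensionBlock;

/* Encode the GCE payload: packed fields, 16-bit little-endian delay, colour index. */
static void encode_gcb(const GraphicsControlBlock *gcb, uint8_t out[GCB_LEN]) {
    bool transparent = gcb->TransparentColor != NO_TRANSPARENT_COLOR;
    out[0] = (uint8_t)(((gcb->DisposalMode & 0x07) << 2)
           | (gcb->UserInputFlag ? 0x02 : 0x00) | (transparent ? 0x01 : 0x00));
    out[1] = (uint8_t)(gcb->DelayTime & 0xff);
    out[2] = (uint8_t)((gcb->DelayTime >> 8) & 0xff);
    out[3] = (uint8_t)(transparent ? gcb->TransparentColor : 0);
}

/* Returns 1 on success, 0 when the existing block cannot hold the payload.
 * An unchecked variant would copy GCB_LEN bytes regardless of ByteCount,
 * which is the overflow the advisory describes. */
int gcb_to_extension_checked(const GraphicsControlBlock *gcb, ExtensionBlock *ep) {
    if (gcb == NULL || ep == NULL || ep->Bytes == NULL) return 0;
    if (ep->Function != GRAPHICS_EXT_FUNC_CODE) return 0;
    if (ep->ByteCount < GCB_LEN) return 0;   /* the missing size validation */
    uint8_t buf[GCB_LEN];
    encode_gcb(gcb, buf);
    memcpy(ep->Bytes, buf, GCB_LEN);
    return 1;
}

/* Demo helper: try the write into a block of byte_count bytes. Returns -1 if
 * refused, otherwise the four written bytes packed big-endian into an int. */
int demo_write(int byte_count) {
    uint8_t storage[8] = {0};
    ExtensionBlock ep = { byte_count, storage, GRAPHICS_EXT_FUNC_CODE };
    GraphicsControlBlock gcb = { 2, false, 258, 5 };   /* constructed values */
    if (!gcb_to_extension_checked(&gcb, &ep)) return -1;
    return (storage[0] << 24) | (storage[1] << 16) | (storage[2] << 8) | storage[3];
}
```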
For Debian 10 buster, these problems have been fixed in version 5.1.4-3+deb10u2.
For Debian 9 stretch, these problems have been fixed in version 5.1.4-0.4+deb9u2.
We recommend that you upgrade your giflib packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.