Giflib contains a double-free vulnerability that is the result of a shallow copy in GifMakeSavedImage and incorrect error handling. The conditions needed to trigger this vulnerability are difficult but may be possible.
Loading...
Loading...
Score 5.1 from GitHub Security Advisory published 2026-03-10. NVD baseline CVSS 5.1; sources differ by 0.0.
Giflib contains a double-free vulnerability that is the result of a shallow copy in GifMakeSavedImage and incorrect error handling. The conditions needed to trigger this vulnerability are difficult but may be possible.
March 10, 2026
May 7, 2026
These vendors published their own advisory mentioning this CVE — often with vendor-specific remediation steps + affected product lists not in NVD.
Giflib contains a double-free vulnerability that is the result of a shallow copy in GifMakeSavedImage and incorrect error handling. The conditions needed to trigger this vulnerability are difficult but may be possible.
Red Hat Security Advisory: Red Hat AI Inference Server 3.2.2 (ROCm)
Red Hat Security Advisory: Red Hat AI Inference Server 3.2.2 (CUDA)
Red Hat Security Advisory: Red Hat AI Inference Server 3.3.3 (Spyre)
Red Hat Security Advisory: Red Hat AI Inference Server 3.3.3 (CUDA)
Red Hat Security Advisory: Red Hat AI Inference Server 3.3.3 (ROCm)
Red Hat Security Advisory: Red Hat AI Inference Server Model Optimization Tools 3.3.3 (CUDA)
| Vendor / Ecosystem | Fixed in / Patch | Released | Source |
|---|---|---|---|
| redhat | giflib-0:5.2.1-10.el9_8.1 | 2026-05-19 | redhat |
| redhat | giflib-0:5.2.1-24.el10_2 | 2026-05-19 | redhat |
| redhat | rhaiis/vllm-spyre-rhel9:1778244546 | 2026-05-12 | redhat |
| redhat | rhaiis/model-opt-cuda-rhel9:1778244559 | 2026-05-11 | redhat |
| redhat | rhaiis/vllm-cuda-rhel9:1778274666 | 2026-05-11 | redhat |
| redhat | rhaiis/vllm-rocm-rhel9:1778244531 | 2026-05-11 | redhat |
| redhat | giflib-0:5.2.1-22.el10_0.1 | 2026-04-21 | redhat |
| redhat | giflib-0:5.2.1-9.el9_4.1 | 2026-04-21 | redhat |
| redhat | giflib-0:5.2.1-9.el9_6.1 | 2026-04-21 | redhat |
| redhat | giflib-0:5.2.1-9.el9_0.1 | 2026-04-21 | redhat |
| redhat | giflib-0:5.2.1-9.el9_2.1 | 2026-04-21 | redhat |
| redhat | giflib-0:5.1.4-3.el8_6.1 | 2026-04-20 | redhat |
| redhat | giflib-0:5.1.4-3.el8_2.1 | 2026-04-20 | redhat |
| redhat | giflib-0:5.2.1-22.el10_1.1 | 2026-04-20 | redhat |
| redhat | giflib-0:5.1.4-4.el8_10 | 2026-04-20 | redhat |
| redhat | giflib-0:5.1.4-3.el8_8.1 | 2026-04-20 | redhat |
| redhat | giflib-0:5.1.4-3.el8_4.1 | 2026-04-20 | redhat |
| redhat | giflib-0:5.2.1-9.el9_7.1 | 2026-04-20 | redhat |
| redhat | giflib-0:4.1.6-9.el7_9.1 | 2026-04-20 | redhat |
Patches are aggregated from vendor advisories (Red Hat, Microsoft, Cisco, GitHub) and package ecosystems (OSV, GHSA). Multiple rows for the same upstream release have been deduplicated.
Vendors that published advisories for this CVE beyond the curated set above. Broader coverage but minimal per-row detail — click through for the original advisory.
RHSA-2026:19154 — Important
RHSA-2026:19367 — Important
RHSA-2026:8858 — Important
RHSA-2026:8859 — Important
RHSA-2026:8861 — Important
RHSA-2026:8883 — Important
RHSA-2026:8884 — Important
RHSA-2026:8885 — Important
RHSA-2026:8886 — Important
RHSA-2026:8887 — Important
RHSA-2026:9290 — Important
RHSA-2026:9291 — Important
RHSA-2026:9292 — Important
RHSA-2026:9294 — Important
RHSA-2026:9295 — Important
Every time one of our enrichment pipelines (NVD, MITRE cvelistV5, EPSS, CISA KEV, GHSA, OSV, vendor advisories) ran against this CVE. Most recent first.
See which npm, PyPI, Go, and Maven packages are affected by CVE-2026-23868
EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.