CVE-2026-23868

Published: Mar 10, 2026Modified: May 7, 2026

5.1

Vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 1.4 / Impact: 3.6

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

Giflib contains a double-free vulnerability that is the result of a shallow copy in GifMakeSavedImage and incorrect error handling. The conditions needed to trigger this vulnerability are difficult but may be possible.

Affected (1)

Products: Giflib Project: Giflib

Giflib Project

1 product

Giflib

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Giflib Project Giflib	From 5.0.0 to 6.1.1

Related CWEs

CWE-415

Double Free

The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

References (2)

https://sourceforge.net/p/giflib/code/ci/f5b7267aed3665ef025c13823e454170d031c106/tree/gifalloc.c?diff=5146815377b7395944cb683a08c43eee3f631eb7

Source: cve-assign@fb.com

Patch

https://www.facebook.com/security/advisories/cve-2026-23868

Source: cve-assign@fb.com

Third Party Advisory

Timeline

No history available yet.