
Debian LTS giflib Critical Denial of Service Vulnerabilities DLA-4650-1

June 26, 2026
Two vulnerabilities in giflib allow potential denial of service. Upgrade to fix critical issues in Debian LTS.
Two vulnerabilities have been found in giflib, a package of portable tools and library routines for working with GIF images, potentially allowing denial of service.

Summary

CVE-2026-23868

Giflib contains a double-free vulnerability that is the result of a
shallow copy in GifMakeSavedImage and incorrect error handling. The
conditions needed to trigger this vulnerability are difficult but may
be possible.

CVE-2026-26740

A Buffer Overflow vulnerability in giflib v.5.2.2 allows a remote
attacker to cause a denial of service via the EGifGCBToExtension
overwriting an existing Graphic Control Extension block without
validating its allocated size.

For Debian 11 bullseye, these problems have been fixed in version
5.1.9-2+deb11u1.

We recommend that you upgrade your giflib packages.

For the detailed security status of giflib please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/giflib

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS



Severity: critical

Package: giflib
Version: 5.1.9-2+deb11u1
CVE ID: CVE-2026-23868 CVE-2026-26740
Debian Bug: 1130495 1131368
