Vulnerability - CVE-2026-26740

Name

CVE-2026-26740

Source

NVD ( link)Debian ( link)

Description

Buffer Overflow vulnerability in giflib v.5.2.2 allows a remote attacker to cause a denial of service via the EGifGCBToExtension overwriting an existing Graphic Control Extension block without validating its allocated size.

CWEs

CWE-787

Published Date

Mar 18, 2026

Updated Date

Jun 17, 2026

Workaround

Advisories

https://github.com/zakkanijia/POC/blob/main/giflib/giftool/giflib_giftool_gce_len_heap_oobwrite_disclosure.mdExploit

Analysis#

Affected Component

Analysis

giflib

Exploitable

Vulnerability Ratings#

8.2

CVSSv31

NaN

other

Others affected components#

Name

Project

Project Version

Version

Status

giflib

buildroot

2025.02.x

5.2.2

Exploitable

giflib

buildroot

master

6.1.3

Not Affected

giflib

openwrt

master

5.2.2-r2

Exploitable

giflib

openwrt

openwrt-25.12

5.2.2-r2

Exploitable

giflib

yocto

master

6.1.2

Not Affected

giflib

yocto

scarthgap

5.2.2

Exploitable