#1131368 giflib: CVE-2026-26740

Package:
src:giflib
Source:
src:giflib
Submitter:
Salvatore Bonaccorso
Date:
2026-06-27 14:35:08 UTC
Severity:
normal
Tags:
#1131368#5
Date:
2026-03-20 16:35:10 UTC
Hi,

The following vulnerability was published for giflib.

CVE-2026-26740[0]:
| Buffer Overflow vulnerability in giflib v.5.2.2 allows a remote
| attacker to cause a denial of service via the EGifGCBToExtension
| overwriting an existing Graphic Control Extension block without
| validating its allocated size.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2026-26740
https://www.cve.org/CVERecord?id=CVE-2026-26740
[1] https://github.com/zakkanijia/POC/blob/main/giflib/giftool/giflib_giftool_gce_len_heap_oobwrite_disclosure.md

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
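
As an added illustration, not giflib's own code and not the patch referenced later in this report: a minimal model of the bug class the CVE text names, a 4-byte Graphic Control Extension body being written into an extension block that was allocated earlier. The type and field names below are assumptions loosely modelled on giflib's public API; the size check before the write is the validation the description says is missing.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Constructed model (not giflib's own types): a saved extension block and the
 * decoded Graphic Control Block that giflib exposes as GraphicsControlBlock. */
#define GCE_BODY_LEN 4            /* a GIF89a Graphic Control Extension body is exactly 4 bytes */

typedef struct {
    int      function;            /* extension label; 0xF9 is Graphic Control */
    size_t   byte_count;          /* allocated size of bytes[] */
    uint8_t *bytes;
} ext_block_t;

typedef struct {
    int  disposal_mode;           /* 0..7, bits 2-4 of the packed byte */
    bool user_input_flag;         /* bit 1 of the packed byte */
    int  delay_time;              /* hundredths of a second, little-endian u16 */
    int  transparent_color;       /* -1 means "no transparency" */
} gcb_t;

/* Serialize a GCB into a 4-byte GCE body laid out as the GIF89a spec describes.
 * Returns the number of bytes written, or 0 if the destination is too small.
 * Refusing the short destination is the check that the unvalidated overwrite
 * described in the CVE text lacks: without it the write runs past the block. */
size_t gcb_to_extension(const gcb_t *gcb, uint8_t *dst, size_t dst_len)
{
    if (dst == NULL || dst_len < GCE_BODY_LEN)
        return 0;                 /* would write past the allocation */
    dst[0] = (uint8_t)((gcb->disposal_mode & 0x07) << 2)
           | (uint8_t)(gcb->user_input_flag ? 0x02 : 0x00)
           | (uint8_t)(gcb->transparent_color >= 0 ? 0x01 : 0x00);
    dst[1] = (uint8_t)(gcb->delay_time & 0xFF);
    dst[2] = (uint8_t)((gcb->delay_time >> 8) & 0xFF);
    dst[3] = (uint8_t)(gcb->transparent_color >= 0 ? gcb->transparent_color : 0);
    return GCE_BODY_LEN;
}

/* Overwrite the first existing GCE block in a saved image's extension list.
 * Returns 1 on success, 0 if there is no GCE block or its allocation is too short. */
int gcb_to_saved_extension(const gcb_t *gcb, ext_block_t *blocks, size_t count)
{
    for (size_t i = 0; i < count; i++) {
        if (blocks[i].function == 0xF9)
            return gcb_to_extension(gcb, blocks[i].bytes, blocks[i].byte_count) != 0;
    }
    return 0;
}
```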

#1131368#14
Date:
2026-05-31 15:05:21 UTC
We believe that the bug you reported is fixed in the latest version of
giflib, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1131368@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
David Suárez <deiv@debian.org> (supplier of updated giflib package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
Format: 1.8
Date: Sun, 31 May 2026 16:19:21 +0200
Source: giflib
Architecture: source
Version: 6.1.3-1
Distribution: unstable
Urgency: medium
Maintainer: David Suárez <deiv@debian.org>
Changed-By: David Suárez <deiv@debian.org>
Closes: 1068438 1084058 1102520 1130495 1131368
Changes:
 giflib (6.1.3-1) unstable; urgency=medium
 .
   * New upstream version:
     - Fix CVE-2026-23868; Closes: #1130495
     - Fix CVE-2024-45993; Closes: #1084058
     - Fix CVE-2025-31344; Closes: #1102520
     - Closes: #1068438
   * debian/patches:
     - Drop dont-build-html-pages-images patch; Applied upstream.
     - Drop Correct-document-page-install patch; Applied upstream.
     - Drop revert-GifQuantizeBuffer-remove-from-lib patch;
         Applied upstream.
     - Drop Clean-up-memory-better-at-end-of-run-CVE-2021-40633 patch;
         Applied upstream.
     - Refresh giflib_quantize-header patch.
     - Refresh dont-spoil-tests-with-stderr patch.
     - Add fix-CVE-2026-26740 patch; Closes: #1131368.
   * Improve html documentation:
     - Now the install doc rule installs the html docs.
     - Don't install html docs for binaries not distributed.
     - Remove doc-base as the index contains references to binaries that
         are not installed.
   * Add autopkgtests.
   * Remove lintian override for sourceforge, now we use it.
   * Update standards version; no changes needed.

#1131368#23
Date:
2026-06-27 14:32:24 UTC
We believe that the bug you reported is fixed in the latest version of
giflib, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1131368@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Moritz Mühlenhoff <jmm@debian.org> (supplier of updated giflib package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
Format: 1.8
Date: Sat, 13 Jun 2026 17:19:16 +0200
Source: giflib
Architecture: source
Version: 5.2.2-1+deb13u1
Distribution: trixie
Urgency: medium
Maintainer: David Suárez <deiv@debian.org>
Changed-By: Moritz Mühlenhoff <jmm@debian.org>
Closes: 1130495 1131368
Changes:
 giflib (5.2.2-1+deb13u1) trixie; urgency=medium
 .
   * CVE-2026-23868 (Closes: #1130495)
   * CVE-2026-26740 (Closes: #1131368)

#1131368#32
Date:
2026-06-27 14:32:41 UTC
We believe that the bug you reported is fixed in the latest version of
giflib, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1131368@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Tobias Frost <tobi@debian.org> (supplier of updated giflib package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
Format: 1.8
Date: Fri, 26 Jun 2026 09:19:21 +0200
Source: giflib
Architecture: source
Version: 5.2.1-2.5+deb12u1
Distribution: bookworm
Urgency: high
Maintainer: David Suárez <david.sephirot@gmail.com>
Changed-By: Tobias Frost <tobi@debian.org>
Closes: 1130495 1131368
Changes:
 giflib (5.2.1-2.5+deb12u1) bookworm; urgency=high
 .
   * Non-maintainer upload by the LTS Team
   * Enable CI for bookworm, adapt gbp.conf for bookworm.
   * Backport fixes for:
     - CVE-2026-23868 - double-free vulnerability (Closes: #1130495)
     - CVE-2026-26740 - heap OOB write (Closes: #1131368)