{ "threat_severity" : "Important", "public_date" : "2026-03-18T00:00:00Z", "bugzilla" : { "description" : "giflib: giflib: Denial of Service via buffer overflow in EGifGCBToExtension", "id" : "2448747", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2448747" }, "cvss3" : { "cvss3_base_score" : "7.5", "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status" : "verified" }, "cwe" : "CWE-787", "details" : [ "Buffer Overflow vulnerability in giflib v.5.2.2 allows a remote attacker to cause a denial of service via the EGifGCBToExtension overwriting an existing Graphic Control Extension block without validating its allocated size.", "A flaw was found in giflib. A remote attacker can exploit a buffer overflow vulnerability in the EGifGCBToExtension function by providing a specially crafted Graphics Control Extension (GCE) block. This allows overwriting an existing GCE block without proper size validation, leading to a denial of service (DoS) on the system." ], "affected_release" : [ { "product_name" : "OPENJDK ELS 11.0.31", "release_date" : "2026-04-22T00:00:00Z", "advisory" : "RHSA-2026:9255", "cpe" : "cpe:/a:redhat:openjdk_els:11", "package" : "java-11-openjdk-portable" }, { "product_name" : "Red Hat Enterprise Linux 10", "release_date" : "2026-04-22T00:00:00Z", "advisory" : "RHSA-2026:9693", "cpe" : "cpe:/o:redhat:enterprise_linux:10.1", "package" : "java-25-openjdk-1:25.0.3.0.9-1.el10_2" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2026-04-22T00:00:00Z", "advisory" : "RHSA-2026:9693", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "java-25-openjdk-1:25.0.3.0.9-1.el9" }, { "product_name" : "Red Hat OpenJDK 11 els for RHEL 7", "release_date" : "2026-04-22T00:00:00Z", "advisory" : "RHSA-2026:9254", "cpe" : "cpe:/a:redhat:openjdk_els:11::el7", "package" : "java-11-openjdk-1:11.0.31.0.11-1.el7_9" }, { "product_name" : "Red Hat OpenJDK 11 els for RHEL 8", "release_date" : "2026-04-22T00:00:00Z", "advisory" : "RHSA-2026:9254", "cpe" : "cpe:/a:redhat:openjdk_els:11::el8", "package" : "java-11-openjdk-1:11.0.31.0.11-1.el8" }, { "product_name" : "Red Hat OpenJDK 11 els for RHEL 9", "release_date" : "2026-04-22T00:00:00Z", "advisory" : "RHSA-2026:9254", "cpe" : "cpe:/a:redhat:openjdk_els:11::el9", "package" : "java-11-openjdk-1:11.0.31.0.11-1.el9" } ], "package_state" : [ { "product_name" : "Red Hat build of OpenJDK 17", "fix_state" : "Affected", "package_name" : "java-17-openjdk-portable", "cpe" : "cpe:/a:redhat:openjdk:17" }, { "product_name" : "Red Hat build of OpenJDK 1.8", "fix_state" : "Affected", "package_name" : "java-1.8.0-openjdk-portable", "cpe" : "cpe:/a:redhat:openjdk:1.8" }, { "product_name" : "Red Hat build of OpenJDK 21", "fix_state" : "Affected", "package_name" : "java-21-openjdk-portable", "cpe" : "cpe:/a:redhat:openjdk:21" }, { "product_name" : "Red Hat build of OpenJDK 25", "fix_state" : "Affected", "package_name" : "java-25-openjdk-portable", "cpe" : "cpe:/a:redhat:openjdk:25" }, { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Affected", "package_name" : "giflib", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Affected", "package_name" : "java-21-openjdk", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Affected", "package_name" : "giflib", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Affected", "package_name" : "giflib", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Affected", "package_name" : "java-1.8.0-openjdk", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Affected", "package_name" : "giflib", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Affected", "package_name" : "java-17-openjdk", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Affected", "package_name" : "java-1.8.0-openjdk", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Affected", "package_name" : "java-21-openjdk", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Affected", "package_name" : "giflib", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Affected", "package_name" : "java-17-openjdk", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Affected", "package_name" : "java-1.8.0-openjdk", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Affected", "package_name" : "java-21-openjdk", "cpe" : "cpe:/o:redhat:enterprise_linux:9" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2026-26740\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-26740\nhttps://github.com/zakkanijia/POC/blob/main/giflib/giftool/giflib_giftool_gce_len_heap_oobwrite_disclosure.md" ], "name" : "CVE-2026-26740", "mitigation" : { "value" : "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "lang" : "en:us" }, "csaw" : false }