Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2026-26740

Опубликовано: 18 мар. 2026
Источник: redhat
CVSS3: 7.5

Описание

A flaw was found in giflib. A remote attacker can exploit a buffer overflow vulnerability in the EGifGCBToExtension function by providing a specially crafted Graphics Control Extension (GCE) block. This allows overwriting an existing GCE block without proper size validation, leading to a denial of service (DoS) on the system.

Меры по смягчению последствий

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat build of OpenJDK 11 ELSjava-11-openjdkAffected
Red Hat build of OpenJDK 11 ELSjava-11-openjdk-portableAffected
Red Hat build of OpenJDK 17java-17-openjdk-portableAffected
Red Hat build of OpenJDK 1.8java-1.8.0-openjdk-portableAffected
Red Hat build of OpenJDK 21java-21-openjdk-portableAffected
Red Hat build of OpenJDK 25java-25-openjdk-portableAffected
Red Hat Enterprise Linux 10giflibAffected
Red Hat Enterprise Linux 10java-21-openjdkAffected
Red Hat Enterprise Linux 10java-25-openjdkAffected
Red Hat Enterprise Linux 6giflibAffected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important
Дефект:
CWE-787
https://bugzilla.redhat.com/show_bug.cgi?id=2448747giflib: giflib: Denial of Service via buffer overflow in EGifGCBToExtension

7.5 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2026-26740

CVSS3: 8.2
ubuntu
9 дней назад

Buffer Overflow vulnerability in giflib v.5.2.2 allows a remote attacker to cause a denial of service via the EGifGCBToExtension overwriting an existing Graphic Control Extension block without validating its allocated size.

nvd логотип

CVE-2026-26740

CVSS3: 8.2
nvd
10 дней назад

Buffer Overflow vulnerability in giflib v.5.2.2 allows a remote attacker to cause a denial of service via the EGifGCBToExtension overwriting an existing Graphic Control Extension block without validating its allocated size.

debian логотип

CVE-2026-26740

CVSS3: 8.2
debian
10 дней назад

Buffer Overflow vulnerability in giflib v.5.2.2 allows a remote attack ...

github логотип

GHSA-g43h-fmhp-fvff

CVSS3: 8.2
github
10 дней назад

Buffer Overflow vulnerability in giflib v.5.2.2 allows a remote attacker to cause a denial of service via the EGifGCBToExtension overwriting an existing Graphic Control Extension block without validating its allocated size.

7.5 High

CVSS3