A double-free vulnerability (CVE-2026-23868, CVSS 5.1) in the giflib library can lead to memory corruption. This security update addresses the issue for Red Hat Enterprise Linux 7 Extended Lifecycle Support. The advisory provides updated packages to remediate affected systems.
Red Hat Product Errata RHSA-2026:8883 - Security Advisory Issued: 2026-04-20 Updated: 2026-04-20 RHSA-2026:8883 - Security Advisory Overview Updated Packages Synopsis Important: giflib security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for giflib is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description The giflib package contains a shared library of functions for loading and saving GIF format image files. It is API and ABI compatible with libungif, the library which supported uncompressed GIFs while the Unisys LZW patent was in effect. Security Fix(es): giflib: Giflib: Double-free vulnerability leading to memory corruption (CVE-2026-23868) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux Server - Extended Life Cycle Support 7 x86_64 Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 7 s390x Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, big endian 7 ppc64 Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, little endian 7 ppc64le Fixes BZ - 2446207 - CVE-2026-23868 giflib: Giflib: Double-free vulnerability leading to memory corruption CVEs CVE-2026-23868 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux Server - Extended Life Cycle Support 7 SRPM giflib-4.1.6-9.el7_9.1.src.rpm SHA-256: b95302602254fa1b93816b8d01e4da807b514665bead394729d5ddd11fbcdf4c x86_64 giflib-4.1.6-9.el7_9.1.i686.rpm SHA-256: 628cbeb11fde9f00126e48919f500a53fdb6b819e598ab135f14f68820a790b6 giflib-4.1.6-9.el7_9.1.x86_64.rpm SHA-256: e764c53d0c640f4f96f08789757b273de35513276a68fb65119d28c0fa49c802 giflib-debuginfo-4.1.6-9.el7_9.1.i686.rpm SHA-256: 28cb39231baa6ffaf3e60a41a67850a168e3f112257fcb2a04f31a50ca59a486 giflib-debuginfo-4.1.6-9.el7_9.1.i686.rpm SHA-256: 28cb39231baa6ffaf3e60a41a67850a168e3f112257fcb2a04f31a50ca59a486 giflib-debuginfo-4.1.6-9.el7_9.1.x86_64.rpm SHA-256: 09e701ef55900ef4594300c63b83a9283ad29fad936569d944c849c53ad188f4 giflib-debuginfo-4.1.6-9.el7_9.1.x86_64.rpm SHA-256: 09e701ef55900ef4594300c63b83a9283ad29fad936569d944c849c53ad188f4 giflib-devel-4.1.6-9.el7_9.1.i686.rpm SHA-256: ca63d89efeb3c922cefbfdfa5bcedb1841c291b3b96c63d4c9bffff164c024dd giflib-devel-4.1.6-9.el7_9.1.x86_64.rpm SHA-256: c8373e254cb0925cd493fc47b3ddbbd3621d41fbf35233135069d62e64420749 giflib-utils-4.1.6-9.el7_9.1.x86_64.rpm SHA-256: 2b26cbdc326907c67e58542a487ec39c1c60b638c4f00b08f4b179200f253cfd Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 7 SRPM giflib-4.1.6-9.el7_9.1.src.rpm SHA-256: b95302602254fa1b93816b8d01e4da807b514665bead394729d5ddd11fbcdf4c s390x giflib-4.1.6-9.el7_9.1.s390.rpm SHA-256: 454548633a4b4211ee2dda751f42c2bef605e306928da9fbc7f97b3c698ffafb giflib-4.1.6-9.el7_9.1.s390x.rpm SHA-256: ec80f58b882063076794c514de4e2cb6918b1a43c83e96a46a8e7ca92f6eeab4 giflib-debuginfo-4.1.6-9.el7_9.1.s390.rpm SHA-256: 5b52253e21b652a15b22a1c5cea518558a1860e1340ddf1d670cedc982c98df3 giflib-debuginfo-4.1.6-9.el7_9.1.s390.rpm SHA-256: 5b52253e21b652a15b22a1c5cea518558a1860e1340ddf1d670cedc982c98df3 giflib-debuginfo-4.1.6-9.el7_9.1.s390x.rpm SHA-256: 2c051e7e80d094f02449d650bc589b2b9497d9dddb54d8a729fb38431ea014a2 giflib-debuginfo-4.1.6-9.el7_9.1.s390x.rpm SHA-256: 2c051e7e80d094f02449d650bc589b2b9497d9dddb54d8a729fb38431ea014a2 giflib-devel-4.1.6-9.el7_9.1.s390.rpm SHA-256: f01e2c703b60c53d7e27691920d87f1856ccbfa7265c8771fcbca9ae771a5d38 giflib-devel-4.1.6-9.el7_9.1.s390x.rpm SHA-256: 710bd14defc5cda730d9430065f715f331226e8fceedeac3bec62620cdc24040 giflib-utils-4.1.6-9.el7_9.1.s390x.rpm SHA-256: 51a78eeba0ff8d7192b97689bb06f3f8e68f195945fd58f1d4d0254d19a36225 Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, big endian 7 SRPM giflib-4.1.6-9.el7_9.1.src.rpm SHA-256: b95302602254fa1b93816b8d01e4da807b514665bead394729d5ddd11fbcdf4c ppc64 giflib-4.1.6-9.el7_9.1.ppc.rpm SHA-256: 0f55bb50a34619cdc25c2860f7bc0c466766d6c6225f295926f7b523c8c791a2 giflib-4.1.6-9.el7_9.1.ppc64.rpm SHA-256: 5397ad9cb32c2a7b0094843d3b172281d61d5bf64b4b97d56c4a86dcefaa9753 giflib-debuginfo-4.1.6-9.el7_9.1.ppc.rpm SHA-256: c39eac4a10ac7b501a9ab28026dd95bdc9659f36a6b52e8e94e36632e7b118bd giflib-debuginfo-4.1.6-9.el7_9.1.ppc.rpm SHA-256: c39eac4a10ac7b501a9ab28026dd95bdc9659f36a6b52e8e94e36632e7b118bd giflib-debuginfo-4.1.6-9.el7_9.1.ppc64.rpm SHA-256: 58581ec223e64e2bc2852f0ad329bb2d46c2bfd195c19b2aa5cc6d41a32af2d5 giflib-debuginfo-4.1.6-9.el7_9.1.ppc64.rpm SHA-256: 58581ec223e64e2bc2852f0ad329bb2d46c2bfd195c19b2aa5cc6d41a32af2d5 giflib-devel-4.1.6-9.el7_9.1.ppc.rpm SHA-256: 2b17e069ae5cbe6dbf1fb798eda0dab074cbd6e4ba79224258791a0090590389 giflib-devel-4.1.6-9.el7_9.1.ppc64.rpm SHA-256: f2fa4c5eec4b5e59759045310d82921f7505cd321466daf258381c327aadb9a9 giflib-utils-4.1.6-9.el7_9.1.ppc64.rpm SHA-256: 6f4945f0fb8c31cb76635e92247bcffa235a13ce93688b873329701ae2d42392 Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, little endian 7 SRPM giflib-4.1.6-9.el7_9.1.src.rpm SHA-256: b95302602254fa1b93816b8d01e4da807b514665bead394729d5ddd11fbcdf4c ppc64le giflib-4.1.6-9.el7_9.1.ppc64le.rpm SHA-256: b815c0f07130bd7cb3e67af9b2c204063a274556461cea7188e05ab136c4432a giflib-debuginfo-4.1.6-9.el7_9.1.ppc64le.rpm SHA-256: 0a0452dd6d12a32de026c65acd15371f793caa4fc46ce130bd3b58ad460c103c giflib-debuginfo-4.1.6-9.el7_9.1.ppc64le.rpm SHA-256: 0a0452dd6d12a32de026c65acd15371f793caa4fc46ce130bd3b58ad460c103c giflib-devel-4.1.6-9.el7_9.1.ppc64le.rpm SHA-256: 16914f36af513f783ff362e632d5e07cdedb49173b383566be0a006b20b017e3 giflib-utils-4.1.6-9.el7_9.1.ppc64le.rpm SHA-256: 0e82f8a489992ea0be19604f6d0a0d464de1307f0cc7dde2c2e248cca36240b4 The Red Hat security contact is secalert@redhat.com . More contact details at https://access.redhat.com/security/team/contact/ .