A double-free vulnerability (CVE-2026-23868, CVSS 5.1) in the giflib library can lead to memory corruption when processing GIF files. The Red Hat security update RHSA-2026:8884 provides a fix for Red Hat Enterprise Linux 8.2 Advanced Update Support, with patched packages including giflib-5.1.4-3.el8_2.1. Administrators should apply the update via the referenced Red Hat solution article.
Red Hat Product Errata RHSA-2026:8884 - Security Advisory Issued: 2026-04-20 Updated: 2026-04-20 RHSA-2026:8884 - Security Advisory Overview Updated Packages Synopsis Important: giflib security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for giflib is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description giflib is a library for reading and writing gif images. Security Fix(es): giflib: Giflib: Double-free vulnerability leading to memory corruption (CVE-2026-23868) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux Server - AUS 8.2 x86_64 Fixes BZ - 2446207 - CVE-2026-23868 giflib: Giflib: Double-free vulnerability leading to memory corruption CVEs CVE-2026-23868 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux Server - AUS 8.2 SRPM giflib-5.1.4-3.el8_2.1.src.rpm SHA-256: 28481e340378dec9b8a78f1c07a8c29602e5aa283d0bb3dd4cc36062612c2a3a x86_64 giflib-5.1.4-3.el8_2.1.i686.rpm SHA-256: f23a477defe4d7a4908231acac8ae916ff4259816af59207fb00716646a0f6e4 giflib-5.1.4-3.el8_2.1.x86_64.rpm SHA-256: 0f7166e080c8d28a87b0ed36eb22cd01564889da24ccc6bb3eef53d9e45b99e9 giflib-debuginfo-5.1.4-3.el8_2.1.i686.rpm SHA-256: b6017d2740123c2235a81f210cada512a2ee7bd6d29d003d0947cee7d2fd8733 giflib-debuginfo-5.1.4-3.el8_2.1.x86_64.rpm SHA-256: dc5dc278a7a936f8175923f9e09dffc660cf01a817691c92614951ce6391b48f giflib-debugsource-5.1.4-3.el8_2.1.i686.rpm SHA-256: 472ace6a349db32883394b7a89c6cad66d6ef002b68b3074e68a46037cbedf6c giflib-debugsource-5.1.4-3.el8_2.1.x86_64.rpm SHA-256: 9ff70eb4d72a4dfe7206eba610d41eaca9799b9b98d634b066ea9e007dd6273f giflib-utils-debuginfo-5.1.4-3.el8_2.1.i686.rpm SHA-256: 1d63150f229229be83d9bb97e27243812895d18bb21ad4030ccd9f8f6aa34552 giflib-utils-debuginfo-5.1.4-3.el8_2.1.x86_64.rpm SHA-256: fdadffd9b120b17ef2d3daa27b67a784743e6b63c1f79ff9351c4dfb2032d42a The Red Hat security contact is secalert@redhat.com . More contact details at https://access.redhat.com/security/team/contact/ .