A double-free vulnerability (CVE-2026-23868, CVSS 5.1) in the giflib library can lead to memory corruption. The flaw affects Red Hat Enterprise Linux 10.0 Extended Update Support, and Red Hat has released patched packages to remediate the issue.
Red Hat Product Errata RHSA-2026:9290 - Security Advisory Issued: 2026-04-21 Updated: 2026-04-21 RHSA-2026:9290 - Security Advisory Overview Updated Packages Synopsis Important: giflib security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for giflib is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description giflib is a library for reading and writing gif images. Security Fix(es): giflib: Giflib: Double-free vulnerability leading to memory corruption (CVE-2026-23868) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.0 x86_64 Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.0 s390x Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.0 ppc64le Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.0 aarch64 Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 10.0 x86_64 Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 10.0 ppc64le Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 10.0 s390x Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 10.0 aarch64 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.0 aarch64 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.0 s390x Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.0 ppc64le Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.0 x86_64 Fixes BZ - 2446207 - CVE-2026-23868 giflib: Giflib: Double-free vulnerability leading to memory corruption CVEs CVE-2026-23868 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.0 SRPM giflib-5.2.1-22.el10_0.1.src.rpm SHA-256: d6a46d700fe27c6a422fd78f6093dd6417176cfb688a88ac5c49f2b4da8acbae x86_64 giflib-5.2.1-22.el10_0.1.x86_64.rpm SHA-256: 40d6e8256cac5bbb2915f2f918390f000e2f8592c5f503b7c7f0751a10131f3c giflib-debuginfo-5.2.1-22.el10_0.1.x86_64.rpm SHA-256: 7b86b585d9eb43fe0b9961c95c39568c70cee848302a4e8e4ccad6e7edcd65ee giflib-debugsource-5.2.1-22.el10_0.1.x86_64.rpm SHA-256: d126ddfc6299044aa34d970c062f8a997d16f1335f3417fea5b2abb49d520d47 giflib-utils-debuginfo-5.2.1-22.el10_0.1.x86_64.rpm SHA-256: 7f5ecca1dfc744284b3ebc29ec30f86cb9c3269a3324c6983e3725419d0bb37b Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.0 SRPM giflib-5.2.1-22.el10_0.1.src.rpm SHA-256: d6a46d700fe27c6a422fd78f6093dd6417176cfb688a88ac5c49f2b4da8acbae s390x giflib-5.2.1-22.el10_0.1.s390x.rpm SHA-256: 1460cd403271916e2409c48353283276bddfaf1e6f7d725784a2ad19e7595c77 giflib-debuginfo-5.2.1-22.el10_0.1.s390x.rpm SHA-256: 090423d440dc45095159d7d76958f6b369cd05ac57ec4876097c97e4f1efe38d giflib-debugsource-5.2.1-22.el10_0.1.s390x.rpm SHA-256: 4e3d8d6006fbe8cd24e18b672bf1d6f2031279ad422839ba516ddc073510da99 giflib-utils-debuginfo-5.2.1-22.el10_0.1.s390x.rpm SHA-256: 1a08c10fcaf5f7a8b81508f100a7b3eef5ef5590b78c69acd226cf71f4fa5b29 Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.0 SRPM giflib-5.2.1-22.el10_0.1.src.rpm SHA-256: d6a46d700fe27c6a422fd78f6093dd6417176cfb688a88ac5c49f2b4da8acbae ppc64le giflib-5.2.1-22.el10_0.1.ppc64le.rpm SHA-256: eb966a87aee857a0bd00bd2bba8737b9a9ba0310adb0578a4038e04ce7f7dbca giflib-debuginfo-5.2.1-22.el10_0.1.ppc64le.rpm SHA-256: 6519eea147274bf3320e5959adfdd4c1723ac4d4e40bdcd41e0ad734f6068f18 giflib-debugsource-5.2.1-22.el10_0.1.ppc64le.rpm SHA-256: 502990092c0ab083a92b84863a9963b328325b71ad737c5fad9dc3386e720051 giflib-utils-debuginfo-5.2.1-22.el10_0.1.ppc64le.rpm SHA-256: 2c02f7000ef6a3b04337583b5beeb40268be23564de6a02780c39c3ec7ebeae0 Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.0 SRPM giflib-5.2.1-22.el10_0.1.src.rpm SHA-256: d6a46d700fe27c6a422fd78f6093dd6417176cfb688a88ac5c49f2b4da8acbae aarch64 giflib-5.2.1-22.el10_0.1.aarch64.rpm SHA-256: 3e6f0565cc6acaadf70af883b4a3ad5eecf47179630afd5b0d41aee3032f5606 giflib-debuginfo-5.2.1-22.el10_0.1.aarch64.rpm SHA-256: 1bfdddc7f22781637379cf2bef99d740c33c4453a34f25bdfb8832291853a633 giflib-debugsource-5.2.1-22.el10_0.1.aarch64.rpm SHA-256: c3dbeda6f6aaaccbbab232c215e768d4090374e35acde1756b0f4309f0938371 giflib-utils-debuginfo-5.2.1-22.el10_0.1.aarch64.rpm SHA-256: e0de1d61ec7dd5625f807c944dac9eda12127bae8c4ed72b4251fd6981c2ad53 Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 10.0 SRPM x86_64 giflib-debuginfo-5.2.1-22.el10_0.1.x86_64.rpm SHA-256: 7b86b585d9eb43fe0b9961c95c39568c70cee848302a4e8e4ccad6e7edcd65ee giflib-debugsource-5.2.1-22.el10_0.1.x86_64.rpm SHA-256: d126ddfc6299044aa34d970c062f8a997d16f1335f3417fea5b2abb49d520d47 giflib-devel-5.2.1-22.el10_0.1.x86_64.rpm SHA-256: 812fb5cee9babc8722d2785bd23eaed073821fc0c11ad62c4cb58a4e005ef885 giflib-utils-debuginfo-5.2.1-22.el10_0.1.x86_64.rpm SHA-256: 7f5ecca1dfc744284b3ebc29ec30f86cb9c3269a3324c6983e3725419d0bb37b Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 10.0 SRPM ppc64le giflib-debuginfo-5.2.1-22.el10_0.1.ppc64le.rpm SHA-256: 6519eea147274bf3320e5959adfdd4c1723ac4d4e40bdcd41e0ad734f6068f18 giflib-debugsource-5.2.1-22.el10_0.1.ppc64le.rpm SHA-256: 502990092c0ab083a92b84863a9963b328325b71ad737c5fad9dc3386e720051 giflib-devel-5.2.1-22.el10_0.1.ppc64le.rpm SHA-256: c155b026ea4d7befeb89ea2b4500612e80575e2dd4abe97058f7f336acd17b85 giflib-utils-debuginfo-5.2.1-22.el10_0.1.ppc64le.rpm SHA-256: 2c02f7000ef6a3b04337583b5beeb40268be23564de6a02780c39c3ec7ebeae0 Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 10.0 SRPM s390x giflib-debuginfo-5.2.1-22.el10_0.1.s390x.rpm SHA-256: 090423d440dc45095159d7d76958f6b369cd05ac57ec4876097c97e4f1efe38d giflib-debugsource-5.2.1-22.el10_0.1.s390x.rpm SHA-256: 4e3d8d6006fbe8cd24e18b672bf1d6f2031279ad422839ba516ddc073510da99 giflib-devel-5.2.1-22.el10_0.1.s390x.rpm SHA-256: 5cd50f3e472802b20643ca69c8775c5a33be33e00371df09ccf571b3889b95d8 giflib-utils-debuginfo-5.2.1-22.el10_0.1.s390x.rpm SHA-256: 1a08c10fcaf5f7a8b81508f100a7b3eef5ef5590b78c69acd226cf71f4fa5b29 Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 10.0 SRPM aarch64 giflib-debuginfo-5.2.1-22.el10_0.1.aarch64.rpm SHA-256: 1bfdddc7f22781637379cf2bef99d740c33c4453a34f25bdfb8832291853a633 giflib-debugsource-5.2.1-22.el10_0.1.aarch64.rpm SHA-256: c3dbeda6f6aaaccbbab232c215e768d4090374e35acde1756b0f4309f0938371 giflib-devel-5.2.1-22.el10_0.1.aarch64.rpm SHA-256: b231ddf31491dfbd952a6054ff24894299cffb5b93d6389095f21fd60e84c37f giflib-utils-debuginfo-5.2.1-22.el10_0.1.aarch64.rpm SHA-256: e0de1d61ec7dd5625f807c944dac9eda12127bae8c4ed72b4251fd6981c2ad53 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.0 SRPM giflib-5.2.1-22.el10_0.1.src.rpm SHA-256: d6a46d700fe27c6a422fd78f6093dd6417176cfb688a88ac5c49f2b4da8acbae aarch64 giflib-5.2.1-22.el10_0.1.aarch64.rpm SHA-256: 3e6f0565cc6acaadf70af883b4a3ad5eecf47179630afd5b0d41aee3032f5606 giflib-debuginfo-5.2.1-22.el10_0.1.aarch64.rpm SHA-256: 1bfdddc7f22781637379cf2bef99d740c33c4453a34f25bdfb8832291853a633 giflib-debugsource-5.2.1-22.el10_0.1.aarch64.rpm SHA-256: c3dbeda6f6aaaccbbab232c215e768d4090374e35acde1756b0f4309f0938371 giflib-utils-debuginfo-5.2.1-22.el10_0.1.aarch64.rpm SHA-256: e0de1d61ec7dd5625f807c944dac9eda12127bae8c4ed72b4251fd6981c2ad53 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.0 SRPM giflib-5.2.1-22.el10_0.1.src.rpm SHA-256: d6a46d700fe27c6a422fd78f6093dd6417176cfb688a88ac5c49f2b4da8acbae s390x giflib-5.2.1-22.el10_0.1.s390x.rpm SHA-256: 1460cd403271916e2409c48353283276bddfaf1e6f7d725784a2ad19e7595c77 giflib-debuginfo-5.2.1-22.el10_0.1.s390x.rpm SHA-256: 090423d440dc45095159d7d76958f6b369cd05ac57ec4876097c97e4f1efe38d giflib-debugsource-5.2.1-22.el10_0.1.s390x.rpm SHA-256: 4e3d8d6006fbe8cd24e18b672bf1d6f2031279ad422839ba516ddc073510da99 giflib-utils-debuginfo-5.2.1-22.el10_0.1.s390x.rpm SHA-256: 1a08c10fcaf5f7a8b81508f100a7b3eef5ef5590b78c69acd226cf71f4fa5b29 Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.0 SRPM giflib-5.2.1-22.el10_0.1.src.rpm SHA-256: d6a46d700fe27c6a422fd78f6093dd6417176cfb688a88ac5c49f2b4da8acbae ppc64le giflib-5.2.1-22.el10_0.1.ppc64le.rpm SHA-256: eb966a87aee857a0bd00bd2bba8737b9a9ba0310adb0578a4038e04ce7f7dbca giflib-debuginfo-5.2.1-22.el10_0.1.ppc64le.rpm SHA-256: 6519eea147274bf3320e5959adfdd4c1723ac4d4e40bdcd41e0ad734f6068f18 giflib-debugsource-5.2.1-22.el10_0.1.ppc64le.rpm SHA-256: 502990092c0ab083a92b84863a9963b328325b71ad737c5fad9dc3386e720051 giflib-utils-debuginfo-5.2.1-22.el10_0.1.ppc64le.rpm SHA-256: 2c02f7000ef6a3b04337583b5beeb40268be23564de6a02780c39c3ec7ebeae0 Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.0 SRPM giflib-5.2.1-22.el10_0.1.src.rpm SHA-256: d6a46d700fe27c6a422fd78f6093dd6417176cfb688a88ac5c49f2b4da8acbae x86_64 giflib-5.2.1-22.el10_0.1.x86_64.rpm SHA-256: 40d6e8256cac5bbb2915f2f918390f000e2f8592c5f503b7c7f0751a10131f3c giflib-debuginfo-5.2.1-22.el10_0.1.x86_64.rpm SHA-256: 7b86b585d9eb43fe0b9961c95c39568c70cee848302a4e8e4ccad6e7edcd65ee giflib-debugsource-5.2.1-22.el10_0.1.x86_64.rpm SHA-256: d1