A double-free vulnerability (CVE-2026-23868, CVSS 5.1) in the giflib library can lead to memory corruption when processing GIF images. The flaw affects giflib packages for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions across multiple architectures. Red Hat has released fixed packages, specifically version giflib-5.2.1-9.el9_0.1, to address this issue.
Red Hat Product Errata RHSA-2026:9291 - Security Advisory Issued: 2026-04-21 Updated: 2026-04-21 RHSA-2026:9291 - Security Advisory Overview Updated Packages Synopsis Important: giflib security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for giflib is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description giflib is a library for reading and writing gif images. Security Fix(es): giflib: Giflib: Double-free vulnerability leading to memory corruption (CVE-2026-23868) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0 ppc64le Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0 x86_64 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.0 aarch64 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.0 s390x Fixes BZ - 2446207 - CVE-2026-23868 giflib: Giflib: Double-free vulnerability leading to memory corruption CVEs CVE-2026-23868 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0 SRPM giflib-5.2.1-9.el9_0.1.src.rpm SHA-256: a03acdd8cc8ceb71e772d4f172058aaf9a78e7f3139af7028a38dee428648eb1 ppc64le giflib-5.2.1-9.el9_0.1.ppc64le.rpm SHA-256: 950018335c8b745ebf17630ac13eed48e83ee70e8d34ffbb46edc6fab075f6cb giflib-debuginfo-5.2.1-9.el9_0.1.ppc64le.rpm SHA-256: 15242d4cf0458e06a4e1a7c9367b9ad9f9307e06b3821ad5bbdba5966d18eaee giflib-debugsource-5.2.1-9.el9_0.1.ppc64le.rpm SHA-256: 81c082cddf9d915ceb98480c37182bc57d00e765c8b7d96a3fc9d47145391f62 giflib-utils-debuginfo-5.2.1-9.el9_0.1.ppc64le.rpm SHA-256: 553c2caef8e29876631cd73c56c084cdca890a6925b6ed1ab1f91557fdc46308 Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0 SRPM giflib-5.2.1-9.el9_0.1.src.rpm SHA-256: a03acdd8cc8ceb71e772d4f172058aaf9a78e7f3139af7028a38dee428648eb1 x86_64 giflib-5.2.1-9.el9_0.1.i686.rpm SHA-256: c0680d486309034b45309b798dfc8be06877a2bebcae9960fcefe89410a758d0 giflib-5.2.1-9.el9_0.1.x86_64.rpm SHA-256: bf249ae350fc8d5b2c2bba6e684c9b2c14d3233a817df1b21c11b405b35ad215 giflib-debuginfo-5.2.1-9.el9_0.1.i686.rpm SHA-256: 24122104a7fe222b3aaa516498925ac71fecc5fde2604a333082b1bffca53fee giflib-debuginfo-5.2.1-9.el9_0.1.x86_64.rpm SHA-256: aba65fc1574caf9352521d407139636dc2430f56862a31ee248daf71b713675c giflib-debugsource-5.2.1-9.el9_0.1.i686.rpm SHA-256: 27e2091a16139f50ed7ad0c9e4f4db15765a1a58f308d0d963fb16cef5fb8ea5 giflib-debugsource-5.2.1-9.el9_0.1.x86_64.rpm SHA-256: a56220b79f5f5092eb8bc66322382417b0e260d8cd52a511d61a4ff34629a141 giflib-utils-debuginfo-5.2.1-9.el9_0.1.i686.rpm SHA-256: c2887e37aa3b62dbcc4bbdbef968319aceefc490616b0421eba59b3291fdc028 giflib-utils-debuginfo-5.2.1-9.el9_0.1.x86_64.rpm SHA-256: 31d8a756e0e01ccea8aa505afc6ed39be96b387bf3001f1ae30179eaaf29aa92 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.0 SRPM giflib-5.2.1-9.el9_0.1.src.rpm SHA-256: a03acdd8cc8ceb71e772d4f172058aaf9a78e7f3139af7028a38dee428648eb1 aarch64 giflib-5.2.1-9.el9_0.1.aarch64.rpm SHA-256: c82022662ff06c834098fa0e3dea3e074c850d64a6917c0fcf3cf1dc0c1917e6 giflib-debuginfo-5.2.1-9.el9_0.1.aarch64.rpm SHA-256: f91ac2bce21e4744bec1233d64a7334f5109e10c735af06499fcd61b1f36186d giflib-debugsource-5.2.1-9.el9_0.1.aarch64.rpm SHA-256: 5503a5f8dbf08313fad55b81154c509b3e5902e7458cde63aa244c91902a8d1e giflib-utils-debuginfo-5.2.1-9.el9_0.1.aarch64.rpm SHA-256: 5bde6a755926d445531cd94b1777bd45387c9290e6b76a21e6ec52e70081e929 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.0 SRPM giflib-5.2.1-9.el9_0.1.src.rpm SHA-256: a03acdd8cc8ceb71e772d4f172058aaf9a78e7f3139af7028a38dee428648eb1 s390x giflib-5.2.1-9.el9_0.1.s390x.rpm SHA-256: 7a08dd47736e66db9b33fca1f79d5db1513c3d4c09ea652badb0d1f8bd1f4b10 giflib-debuginfo-5.2.1-9.el9_0.1.s390x.rpm SHA-256: 0780f58f3a59ac5fdb36601e5ee3b9aa199b55bc2e473365fdf113be49f44fba giflib-debugsource-5.2.1-9.el9_0.1.s390x.rpm SHA-256: 7f7ef40647b6af0e6d122915f32497d3417a51a148fe3ac8e7cbc44ee8b287ac giflib-utils-debuginfo-5.2.1-9.el9_0.1.s390x.rpm SHA-256: 7dbcf5c0a32878e4b56b93b4c7069983fc64c0320a4527606b21de9f131ff752 The Red Hat security contact is secalert@redhat.com . More contact details at https://access.redhat.com/security/team/contact/ .