A double-free vulnerability (CVE-2026-23868, CVSS 5.1) in the giflib library can lead to memory corruption when processing GIF images. The vulnerability affects Red Hat Enterprise Linux 9.4 Extended Update Support and related variants. Red Hat has released an update rated Important; administrators should apply the provided giflib-5.2.1-9.el9_4.1 package to remediate.
Red Hat Product Errata RHSA-2026:9295 - Security Advisory Issued: 2026-04-21 Updated: 2026-04-21 RHSA-2026:9295 - Security Advisory Overview Updated Packages Synopsis Important: giflib security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for giflib is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description giflib is a library for reading and writing gif images. Security Fix(es): giflib: Giflib: Double-free vulnerability leading to memory corruption (CVE-2026-23868) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.4 x86_64 Red Hat Enterprise Linux Server - AUS 9.4 x86_64 Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.4 s390x Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.4 ppc64le Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.4 aarch64 Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.4 ppc64le Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.4 x86_64 Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 9.4 x86_64 Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 9.4 ppc64le Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 9.4 s390x Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 9.4 aarch64 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.4 aarch64 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.4 s390x Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.4 x86_64 Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.4 aarch64 Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.4 ppc64le Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.4 s390x Fixes BZ - 2446207 - CVE-2026-23868 giflib: Giflib: Double-free vulnerability leading to memory corruption CVEs CVE-2026-23868 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.4 SRPM giflib-5.2.1-9.el9_4.1.src.rpm SHA-256: 12200c2613a13368cc000e1a088dd0a06186bda6a46a32c2b0ceb1b57b44e2d9 x86_64 giflib-5.2.1-9.el9_4.1.i686.rpm SHA-256: 2b6530b42c18bc4d0cd370dcc28dd2208b4d8b3ab8373ba0fd01ea28f7ff5044 giflib-5.2.1-9.el9_4.1.x86_64.rpm SHA-256: e360f3713dcaef11bc094e81125e178d589cd90c107f56610220d616d8bb953e giflib-debuginfo-5.2.1-9.el9_4.1.i686.rpm SHA-256: 487b3e5137d491e005641a55f67c059b6e766908d1347419a1004757233eda7b giflib-debuginfo-5.2.1-9.el9_4.1.x86_64.rpm SHA-256: 6d2e9d61314eebbd8d1b46bd0f2ab49b079380ec6f5b15e435e3132c42958ae5 giflib-debugsource-5.2.1-9.el9_4.1.i686.rpm SHA-256: 7032c86ae124c5eea0c5e296e0d3a7e2e24432f62d4b317e3338ecce07239edc giflib-debugsource-5.2.1-9.el9_4.1.x86_64.rpm SHA-256: aea0d45b0738e0e1ea8902579ba3cbfe003d6d525c737487ced312a52d4ff287 giflib-utils-debuginfo-5.2.1-9.el9_4.1.i686.rpm SHA-256: b690482bda3cd88e3ebbed333a90f388ddac76f2552e4f9fbf09f0f5338917fb giflib-utils-debuginfo-5.2.1-9.el9_4.1.x86_64.rpm SHA-256: 59337e8e453b67da4aec95cc28c53cdeb63ce49199138102da8cbd2be4eb27fd Red Hat Enterprise Linux Server - AUS 9.4 SRPM giflib-5.2.1-9.el9_4.1.src.rpm SHA-256: 12200c2613a13368cc000e1a088dd0a06186bda6a46a32c2b0ceb1b57b44e2d9 x86_64 giflib-5.2.1-9.el9_4.1.i686.rpm SHA-256: 2b6530b42c18bc4d0cd370dcc28dd2208b4d8b3ab8373ba0fd01ea28f7ff5044 giflib-5.2.1-9.el9_4.1.x86_64.rpm SHA-256: e360f3713dcaef11bc094e81125e178d589cd90c107f56610220d616d8bb953e giflib-debuginfo-5.2.1-9.el9_4.1.i686.rpm SHA-256: 487b3e5137d491e005641a55f67c059b6e766908d1347419a1004757233eda7b giflib-debuginfo-5.2.1-9.el9_4.1.x86_64.rpm SHA-256: 6d2e9d61314eebbd8d1b46bd0f2ab49b079380ec6f5b15e435e3132c42958ae5 giflib-debugsource-5.2.1-9.el9_4.1.i686.rpm SHA-256: 7032c86ae124c5eea0c5e296e0d3a7e2e24432f62d4b317e3338ecce07239edc giflib-debugsource-5.2.1-9.el9_4.1.x86_64.rpm SHA-256: aea0d45b0738e0e1ea8902579ba3cbfe003d6d525c737487ced312a52d4ff287 giflib-utils-debuginfo-5.2.1-9.el9_4.1.i686.rpm SHA-256: b690482bda3cd88e3ebbed333a90f388ddac76f2552e4f9fbf09f0f5338917fb giflib-utils-debuginfo-5.2.1-9.el9_4.1.x86_64.rpm SHA-256: 59337e8e453b67da4aec95cc28c53cdeb63ce49199138102da8cbd2be4eb27fd Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.4 SRPM giflib-5.2.1-9.el9_4.1.src.rpm SHA-256: 12200c2613a13368cc000e1a088dd0a06186bda6a46a32c2b0ceb1b57b44e2d9 s390x giflib-5.2.1-9.el9_4.1.s390x.rpm SHA-256: 4f4316bb9b9bcb38d2f0463d880c8cee2a6e5f6f707ec6a898b5b37a97284e8a giflib-debuginfo-5.2.1-9.el9_4.1.s390x.rpm SHA-256: 5b790f57bc3409ccbabac6f31b92099e83bae2550e6ca6766201b0718af94736 giflib-debugsource-5.2.1-9.el9_4.1.s390x.rpm SHA-256: 6f30e1d24aea87f5147eeac4c847f22b1d7ec498a3faceda2a999379fe9c807d giflib-utils-debuginfo-5.2.1-9.el9_4.1.s390x.rpm SHA-256: 67de087b5fb0a3d067e03121580de35eabf000d91f92c5868891876c128dc414 Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.4 SRPM giflib-5.2.1-9.el9_4.1.src.rpm SHA-256: 12200c2613a13368cc000e1a088dd0a06186bda6a46a32c2b0ceb1b57b44e2d9 ppc64le giflib-5.2.1-9.el9_4.1.ppc64le.rpm SHA-256: 6b57bffcd618166aa583625de0db7ab4d1bd8265bdc87e014db55f40f37c2396 giflib-debuginfo-5.2.1-9.el9_4.1.ppc64le.rpm SHA-256: 26aedbf1b36c6ca75df9e1a82f870b7a32aa8b2a4f919c2c0a10dbaa9fb7813c giflib-debugsource-5.2.1-9.el9_4.1.ppc64le.rpm SHA-256: c41deac4c9ba12af9b20d0c27449f4b3dc6301347feb8e3841c161b668b9d127 giflib-utils-debuginfo-5.2.1-9.el9_4.1.ppc64le.rpm SHA-256: ffa523f9d431477c4c9ea264796edfaa280efc94cf3967f3198751e54f5ef357 Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.4 SRPM giflib-5.2.1-9.el9_4.1.src.rpm SHA-256: 12200c2613a13368cc000e1a088dd0a06186bda6a46a32c2b0ceb1b57b44e2d9 aarch64 giflib-5.2.1-9.el9_4.1.aarch64.rpm SHA-256: 862295f4f17bd6d3c7ded66ab525bef2b9953c30eee1edc0b08fd59d52e11d87 giflib-debuginfo-5.2.1-9.el9_4.1.aarch64.rpm SHA-256: efe8a791444f0763af0e8ca59610f5020f42a26bc40da4d52bbc4cb3cd04c001 giflib-debugsource-5.2.1-9.el9_4.1.aarch64.rpm SHA-256: 1164776f54f9efa0440cca1086b4629ded3ebcf0b6b696b213ff8f22871741e5 giflib-utils-debuginfo-5.2.1-9.el9_4.1.aarch64.rpm SHA-256: 91af94858c0ff54c7b2f7ec038539231f4558715400ed5e0b59bbe55eba028d1 Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.4 SRPM giflib-5.2.1-9.el9_4.1.src.rpm SHA-256: 12200c2613a13368cc000e1a088dd0a06186bda6a46a32c2b0ceb1b57b44e2d9 ppc64le giflib-5.2.1-9.el9_4.1.ppc64le.rpm SHA-256: 6b57bffcd618166aa583625de0db7ab4d1bd8265bdc87e014db55f40f37c2396 giflib-debuginfo-5.2.1-9.el9_4.1.ppc64le.rpm SHA-256: 26aedbf1b36c6ca75df9e1a82f870b7a32aa8b2a4f919c2c0a10dbaa9fb7813c giflib-debugsource-5.2.1-9.el9_4.1.ppc64le.rpm SHA-256: c41deac4c9ba12af9b20d0c27449f4b3dc6301347feb8e3841c161b668b9d127 giflib-utils-debuginfo-5.2.1-9.el9_4.1.ppc64le.rpm SHA-256: ffa523f9d431477c4c9ea264796edfaa280efc94cf3967f3198751e54f5ef357 Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.4 SRPM giflib-5.2.1-9.el9_4.1.src.rpm SHA-256: 12200c2613a13368cc000e1a088dd0a06186bda6a46a32c2b0ceb1b57b44e2d9 x86_64 giflib-5.2.1-9.el9_4.1.i686.rpm SHA-256: 2b6530b42c18bc4d0cd370dcc28dd2208b4d8b3ab8373ba0fd01ea28f7ff5044 giflib-5.2.1-9.el9_4.1.x86_64.rpm SHA-256: e360f3713dcaef11bc094e81125e178d589cd90c107f56610220d616d8bb953e giflib-debuginfo-5.2.1-9.el9_4.1.i686.rpm SHA-256: 487b3e5137d491e005641a55f67c059b6e766908d1347419a1004757233eda7b giflib-debuginfo-5.2.1-9.el9_4.1.x86_64.rpm SHA-256: 6d2e9d61314eebbd8d1b46bd0f2ab49b079380ec6f5b15e435e3132c42958ae5 giflib-debugsource-5.2.1-9.el9_4.1.i686.rpm SHA-256: 7032c86ae124c5eea0c5e296e0d3a7e2e24432f62d4b317e3338ecce07239edc giflib-debugsource-5.2.1-9.el9_4.1.x86_64.rpm SHA-256: aea0d45b0738e0e1ea8902579ba3cbfe003d6d525c737487ced312a52d4ff287 giflib-utils-debuginfo-5.2.1-9.el9_4.1.i686.rpm SHA-256: b690482bda3cd88e3ebbed333a90f388ddac76f2552e4f9fbf09f0f5338917fb giflib-utils-debuginfo-5.2.1-9.el9_4.1.x86_64.rpm SHA-256: 59337e8e453b67da4aec95cc28c53cdeb63ce49199138102da8cbd2be4eb27fd Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 9.4 SRPM x86_64 giflib-debuginfo-5.2.1-9.el9_4.1.i686.rpm SHA-256: 487b3e5137d491e005641a55f67c059b6e766908d1347419a1004757233eda7b giflib-debuginfo-5.2.1-9.el9_4.1.x86_64.rpm SHA-256: 6d2e9d61314eebbd8d1b46bd0f2ab49b079380ec6f5b15e435e3132c42958ae5 giflib-debugsource-5.2.1-9.el9_4.1.i686.rpm SHA-256: 7032c86ae124c5eea0c5e296e0d3a7e2e24432f62d4b317e3338ecce07239edc giflib-debugsource-5.2.1-9.el9_4.1.x86_64.rpm SHA-256: aea0d45b0738e0e1ea8902579ba3cbfe003d6d525c737487ced312a52d4ff287 giflib-devel-5.2.1-9.el9_4.1.i686.rpm SHA-256: f8a040e63c4e6e718ed8e072d07390fe52eaf9f643a89b1e60fe2903f83a0ab9 giflib-devel-5.2.1-9.el9_4.1.x86_64.rpm SHA-256: 15a3541a99d179388ed454f1aba30f9ac785012a6c65ed692a3c68c901a0f9df giflib-utils-debuginfo-5.2.1-9.el9_4.1.i686.rpm SHA-256: b690482bda3cd88e3ebbed333a90f388ddac76f2552e4f9fbf09f0f5338917fb giflib-utils-debuginfo-5.2.1-9.el9_4.1.x86_64.rpm SHA-256: 59337e8e453b67da4aec95cc28c53cdeb63ce49199138102da8cbd2be4eb27fd Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Suppo