A double-free vulnerability (CVE-2026-23868, CVSS 5.1) in the giflib library can lead to memory corruption when processing GIF images. The Red Hat security advisory RHSA-2026:9292 rates this update as Important for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions and related Extended Life Cycle variants. The fix is provided in the updated package version giflib-5.2.1-9.el9_2.1.
Red Hat Product Errata RHSA-2026:9292 - Security Advisory Issued: 2026-04-21 Updated: 2026-04-21 RHSA-2026:9292 - Security Advisory Overview Updated Packages Synopsis Important: giflib security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for giflib is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description giflib is a library for reading and writing gif images. Security Fix(es): giflib: Giflib: Double-free vulnerability leading to memory corruption (CVE-2026-23868) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux Server - AUS 9.2 x86_64 Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.2 ppc64le Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.2 x86_64 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.2 aarch64 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.2 s390x Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.2 x86_64 Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.2 aarch64 Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.2 ppc64le Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.2 s390x Fixes BZ - 2446207 - CVE-2026-23868 giflib: Giflib: Double-free vulnerability leading to memory corruption CVEs CVE-2026-23868 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux Server - AUS 9.2 SRPM giflib-5.2.1-9.el9_2.1.src.rpm SHA-256: 61362f8c17446d6b992073bc743ff493b481c9b71c71aee27e37036099853fba x86_64 giflib-5.2.1-9.el9_2.1.i686.rpm SHA-256: 3162ef1c202bb279e51b3c00302e883bf72c04c8893c73301bdb2f78ea78b57d giflib-5.2.1-9.el9_2.1.x86_64.rpm SHA-256: f2c90af94fd0bbad37168dfcdf02e877f9c059a37127be3014413d603fa1db45 giflib-debuginfo-5.2.1-9.el9_2.1.i686.rpm SHA-256: 0daf3dd92131e862e47b58cbf8455e4d657c23882d9e7b299a1da11da130fdb6 giflib-debuginfo-5.2.1-9.el9_2.1.x86_64.rpm SHA-256: 4bb531849ba5ac5cdcf865ad9fb02639780b97244cba875fea3fc2a0e6a5726b giflib-debugsource-5.2.1-9.el9_2.1.i686.rpm SHA-256: 231fa2f74339c7cf96e0eac3c810405ade3dd842fc866ab1fc35fb7020022d57 giflib-debugsource-5.2.1-9.el9_2.1.x86_64.rpm SHA-256: 8fc633d6bdaf73519bfe73b1342f2bcdff814093da28af8f6695241dfec74e78 giflib-utils-debuginfo-5.2.1-9.el9_2.1.i686.rpm SHA-256: 6eb6647755a9c3b005202fd7f6caa554bc0d66927a72c45c4f3eca580e17f4ae giflib-utils-debuginfo-5.2.1-9.el9_2.1.x86_64.rpm SHA-256: 463a2518faa41ce8134d025c5d51074246fc73f9f8a66fa7de93babd98871b68 Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.2 SRPM giflib-5.2.1-9.el9_2.1.src.rpm SHA-256: 61362f8c17446d6b992073bc743ff493b481c9b71c71aee27e37036099853fba ppc64le giflib-5.2.1-9.el9_2.1.ppc64le.rpm SHA-256: 4667f64088f7f1220008d2487901432be8bbaeee949ff726c04add2992da4006 giflib-debuginfo-5.2.1-9.el9_2.1.ppc64le.rpm SHA-256: fd55ea312dea192433f44718f22a60284c6353a4e68f0458d6bf86f48ddd494d giflib-debugsource-5.2.1-9.el9_2.1.ppc64le.rpm SHA-256: 5729b687a837e5683600045b643ce022a2733ba62adf1f9e4d7b90773561ae77 giflib-utils-debuginfo-5.2.1-9.el9_2.1.ppc64le.rpm SHA-256: 22e41f0792d4ce7cce8c905e4a5361c9f96232057410b0ad48f5e77df03b4284 Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.2 SRPM giflib-5.2.1-9.el9_2.1.src.rpm SHA-256: 61362f8c17446d6b992073bc743ff493b481c9b71c71aee27e37036099853fba x86_64 giflib-5.2.1-9.el9_2.1.i686.rpm SHA-256: 3162ef1c202bb279e51b3c00302e883bf72c04c8893c73301bdb2f78ea78b57d giflib-5.2.1-9.el9_2.1.x86_64.rpm SHA-256: f2c90af94fd0bbad37168dfcdf02e877f9c059a37127be3014413d603fa1db45 giflib-debuginfo-5.2.1-9.el9_2.1.i686.rpm SHA-256: 0daf3dd92131e862e47b58cbf8455e4d657c23882d9e7b299a1da11da130fdb6 giflib-debuginfo-5.2.1-9.el9_2.1.x86_64.rpm SHA-256: 4bb531849ba5ac5cdcf865ad9fb02639780b97244cba875fea3fc2a0e6a5726b giflib-debugsource-5.2.1-9.el9_2.1.i686.rpm SHA-256: 231fa2f74339c7cf96e0eac3c810405ade3dd842fc866ab1fc35fb7020022d57 giflib-debugsource-5.2.1-9.el9_2.1.x86_64.rpm SHA-256: 8fc633d6bdaf73519bfe73b1342f2bcdff814093da28af8f6695241dfec74e78 giflib-utils-debuginfo-5.2.1-9.el9_2.1.i686.rpm SHA-256: 6eb6647755a9c3b005202fd7f6caa554bc0d66927a72c45c4f3eca580e17f4ae giflib-utils-debuginfo-5.2.1-9.el9_2.1.x86_64.rpm SHA-256: 463a2518faa41ce8134d025c5d51074246fc73f9f8a66fa7de93babd98871b68 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.2 SRPM giflib-5.2.1-9.el9_2.1.src.rpm SHA-256: 61362f8c17446d6b992073bc743ff493b481c9b71c71aee27e37036099853fba aarch64 giflib-5.2.1-9.el9_2.1.aarch64.rpm SHA-256: fa99b32f5d56014130ba7740db2336517257b61a4255683d81150eecdfd5ad98 giflib-debuginfo-5.2.1-9.el9_2.1.aarch64.rpm SHA-256: 0ac6883290b91c96c4a476176c4f806b957b2f95521f832349015c207bfeb25a giflib-debugsource-5.2.1-9.el9_2.1.aarch64.rpm SHA-256: a831ed4e80fadfbe1518beb35d3800812cb691ebe8e6ce802db26003098cb0be giflib-utils-debuginfo-5.2.1-9.el9_2.1.aarch64.rpm SHA-256: 4aafc7d20a72990f59c916041e4fed424e57ad17b60ed64b0435654e401d0c96 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.2 SRPM giflib-5.2.1-9.el9_2.1.src.rpm SHA-256: 61362f8c17446d6b992073bc743ff493b481c9b71c71aee27e37036099853fba s390x giflib-5.2.1-9.el9_2.1.s390x.rpm SHA-256: 1e9abcffd360fdb975d602926da1ba96655500823e728eb90f6ff1fb658de924 giflib-debuginfo-5.2.1-9.el9_2.1.s390x.rpm SHA-256: 78d6c8ecee1cf8106242545b6a09d826560a2a1c3e274453bbce22907ddb3708 giflib-debugsource-5.2.1-9.el9_2.1.s390x.rpm SHA-256: 6693dafc742eca5fb7cec82eaf265c4b1a4af4795f7aa81e243782b49adc29af giflib-utils-debuginfo-5.2.1-9.el9_2.1.s390x.rpm SHA-256: 7385240f5adf02f6c3ebbabfbfe86f93d9e47f56faac7898e64208e208216137 Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.2 SRPM giflib-5.2.1-9.el9_2.1.src.rpm SHA-256: 61362f8c17446d6b992073bc743ff493b481c9b71c71aee27e37036099853fba x86_64 giflib-5.2.1-9.el9_2.1.i686.rpm SHA-256: 3162ef1c202bb279e51b3c00302e883bf72c04c8893c73301bdb2f78ea78b57d giflib-5.2.1-9.el9_2.1.x86_64.rpm SHA-256: f2c90af94fd0bbad37168dfcdf02e877f9c059a37127be3014413d603fa1db45 giflib-debuginfo-5.2.1-9.el9_2.1.i686.rpm SHA-256: 0daf3dd92131e862e47b58cbf8455e4d657c23882d9e7b299a1da11da130fdb6 giflib-debuginfo-5.2.1-9.el9_2.1.x86_64.rpm SHA-256: 4bb531849ba5ac5cdcf865ad9fb02639780b97244cba875fea3fc2a0e6a5726b giflib-debugsource-5.2.1-9.el9_2.1.i686.rpm SHA-256: 231fa2f74339c7cf96e0eac3c810405ade3dd842fc866ab1fc35fb7020022d57 giflib-debugsource-5.2.1-9.el9_2.1.x86_64.rpm SHA-256: 8fc633d6bdaf73519bfe73b1342f2bcdff814093da28af8f6695241dfec74e78 giflib-utils-debuginfo-5.2.1-9.el9_2.1.i686.rpm SHA-256: 6eb6647755a9c3b005202fd7f6caa554bc0d66927a72c45c4f3eca580e17f4ae giflib-utils-debuginfo-5.2.1-9.el9_2.1.x86_64.rpm SHA-256: 463a2518faa41ce8134d025c5d51074246fc73f9f8a66fa7de93babd98871b68 Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.2 SRPM giflib-5.2.1-9.el9_2.1.src.rpm SHA-256: 61362f8c17446d6b992073bc743ff493b481c9b71c71aee27e37036099853fba aarch64 giflib-5.2.1-9.el9_2.1.aarch64.rpm SHA-256: fa99b32f5d56014130ba7740db2336517257b61a4255683d81150eecdfd5ad98 giflib-debuginfo-5.2.1-9.el9_2.1.aarch64.rpm SHA-256: 0ac6883290b91c96c4a476176c4f806b957b2f95521f832349015c207bfeb25a giflib-debugsource-5.2.1-9.el9_2.1.aarch64.rpm SHA-256: a831ed4e80fadfbe1518beb35d3800812cb691ebe8e6ce802db26003098cb0be giflib-utils-debuginfo-5.2.1-9.el9_2.1.aarch64.rpm SHA-256: 4aafc7d20a72990f59c916041e4fed424e57ad17b60ed64b0435654e401d0c96 Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.2 SRPM giflib-5.2.1-9.el9_2.1.src.rpm SHA-256: 61362f8c17446d6b992073bc743ff493b481c9b71c71aee27e37036099853fba ppc64le giflib-5.2.1-9.el9_2.1.ppc64le.rpm SHA-256: 4667f64088f7f1220008d2487901432be8bbaeee949ff726c04add2992da4006 giflib-debuginfo-5.2.1-9.el9_2.1.ppc64le.rpm SHA-256: fd55ea312dea192433f44718f22a60284c6353a4e68f0458d6bf86f48ddd494d giflib-debugsource-5.2.1-9.el9_2.1.ppc64le.rpm SHA-256: 5729b687a837e5683600045b643ce022a2733ba62adf1f9e4d7b90773561ae77 giflib-utils-debuginfo-5.2.1-9.el9_2.1.ppc64le.rpm SHA-256: 22e41f0792d4ce7cce8c905e4a5361c9f96232057410b0ad48f5e77df03b4284 Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.2 SRPM giflib-5.2.1-9.el9_2.1.src.rpm SHA-256: 61362f8c17446d6b992073bc743ff493b481c9b71c71aee27e37036099853fba s390x giflib-5.2.1-9.el9_2.1.s390x.rpm SHA-256: 1e9abcffd360fdb975d602926da1ba96655500823e728eb90f6ff1fb658de924 giflib-debuginfo-5.2.1-9.el9_2.1.s390x.rpm SHA-256: 78d6c8ecee1cf8106242545b6a09d826560a2a1c3e274453bbce22907ddb3708 giflib-debugsource-5.2.1-9.el9_2.1.s390x.rpm SHA-256: 6693dafc742eca5fb7cec82eaf265c4b1a4af4795f7aa81e243782b49adc29af giflib-utils-debuginfo-5.2.1-9.el9_2.1.s390x.rpm SHA-256: 7385240f5adf02f6c3ebbabfbfe86f93d9e47f56faac7898e64208e208216137 The Red Hat security contact is secalert@redhat.com . More contact details at https://access.redhat.com/security/team/contact/ .