A double-free vulnerability (CVE-2026-23868, CVSS 5.1) in the giflib library can lead to memory corruption. The vulnerability affects giflib versions 5.0.0 through 6.1.1. Red Hat has issued an Important-rated security update for giflib in RHEL 10 to address this issue.
Red Hat Product Errata RHSA-2026:19154 - Security Advisory Issued: 2026-05-19 Updated: 2026-05-19 RHSA-2026:19154 - Security Advisory Overview Updated Packages Synopsis Important: giflib security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for giflib is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description giflib is a library for reading and writing gif images. Security Fix(es): giflib: Giflib: Double-free vulnerability leading to memory corruption (CVE-2026-23868) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 10 x86_64 Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.2 x86_64 Red Hat Enterprise Linux for IBM z Systems 10 s390x Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.2 s390x Red Hat Enterprise Linux for Power, little endian 10 ppc64le Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.2 ppc64le Red Hat Enterprise Linux for ARM 64 10 aarch64 Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.2 aarch64 Red Hat CodeReady Linux Builder for x86_64 10 x86_64 Red Hat CodeReady Linux Builder for Power, little endian 10 ppc64le Red Hat CodeReady Linux Builder for ARM 64 10 aarch64 Red Hat CodeReady Linux Builder for IBM z Systems 10 s390x Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 10.2 x86_64 Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 10.2 ppc64le Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 10.2 s390x Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 10.2 aarch64 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.2 aarch64 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.2 s390x Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.2 ppc64le Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.2 x86_64 Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 10.2 x86_64 Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 10.2 aarch64 Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 10.2 ppc64le Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 10.2 s390x Fixes BZ - 2446207 - CVE-2026-23868 giflib: Giflib: Double-free vulnerability leading to memory corruption CVEs CVE-2026-23868 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 10 SRPM giflib-5.2.1-24.el10_2.src.rpm SHA-256: aa8b15536f18636f0103dc85f4afeee43be30cedfa6c19c0c86e3686d7662528 x86_64 giflib-5.2.1-24.el10_2.x86_64.rpm SHA-256: b220ab7b76fc21cbd0d1875a15ccb7bdc00c52085c1d92bc681675fd650c05ab giflib-debuginfo-5.2.1-24.el10_2.x86_64.rpm SHA-256: 2eeff3b8307f84e0a90ee44de1dced83112b6d77592dfe63922785f194755980 giflib-debugsource-5.2.1-24.el10_2.x86_64.rpm SHA-256: 3bfb0752c8333e46d8972fe983516a41e498f902178f00b2e59ae7ae1146744b giflib-utils-debuginfo-5.2.1-24.el10_2.x86_64.rpm SHA-256: d37a04329e287a4481b51c51b50b0586f140785cde9cfeaec0b04868e5c2ac57 Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.2 SRPM giflib-5.2.1-24.el10_2.src.rpm SHA-256: aa8b15536f18636f0103dc85f4afeee43be30cedfa6c19c0c86e3686d7662528 x86_64 giflib-5.2.1-24.el10_2.x86_64.rpm SHA-256: b220ab7b76fc21cbd0d1875a15ccb7bdc00c52085c1d92bc681675fd650c05ab giflib-debuginfo-5.2.1-24.el10_2.x86_64.rpm SHA-256: 2eeff3b8307f84e0a90ee44de1dced83112b6d77592dfe63922785f194755980 giflib-debugsource-5.2.1-24.el10_2.x86_64.rpm SHA-256: 3bfb0752c8333e46d8972fe983516a41e498f902178f00b2e59ae7ae1146744b giflib-utils-debuginfo-5.2.1-24.el10_2.x86_64.rpm SHA-256: d37a04329e287a4481b51c51b50b0586f140785cde9cfeaec0b04868e5c2ac57 Red Hat Enterprise Linux for IBM z Systems 10 SRPM giflib-5.2.1-24.el10_2.src.rpm SHA-256: aa8b15536f18636f0103dc85f4afeee43be30cedfa6c19c0c86e3686d7662528 s390x giflib-5.2.1-24.el10_2.s390x.rpm SHA-256: daa149d8c2bbb4acc74e33f1aa7936871ae58c49ef01d82db82a328d8aee1c27 giflib-debuginfo-5.2.1-24.el10_2.s390x.rpm SHA-256: d2772f5f0885e220fa955f6c78a080f83b6aa247086db6f318758dc37384fac2 giflib-debugsource-5.2.1-24.el10_2.s390x.rpm SHA-256: 386e1740ff5842b1dfe7144d496877dc073d777232cb42903f00b9c74c45069a giflib-utils-debuginfo-5.2.1-24.el10_2.s390x.rpm SHA-256: 3f0cbae74ddbb1b7915f17ea136d41cbffbff7afd4b5dbe73bdf79daffc44546 Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.2 SRPM giflib-5.2.1-24.el10_2.src.rpm SHA-256: aa8b15536f18636f0103dc85f4afeee43be30cedfa6c19c0c86e3686d7662528 s390x giflib-5.2.1-24.el10_2.s390x.rpm SHA-256: daa149d8c2bbb4acc74e33f1aa7936871ae58c49ef01d82db82a328d8aee1c27 giflib-debuginfo-5.2.1-24.el10_2.s390x.rpm SHA-256: d2772f5f0885e220fa955f6c78a080f83b6aa247086db6f318758dc37384fac2 giflib-debugsource-5.2.1-24.el10_2.s390x.rpm SHA-256: 386e1740ff5842b1dfe7144d496877dc073d777232cb42903f00b9c74c45069a giflib-utils-debuginfo-5.2.1-24.el10_2.s390x.rpm SHA-256: 3f0cbae74ddbb1b7915f17ea136d41cbffbff7afd4b5dbe73bdf79daffc44546 Red Hat Enterprise Linux for Power, little endian 10 SRPM giflib-5.2.1-24.el10_2.src.rpm SHA-256: aa8b15536f18636f0103dc85f4afeee43be30cedfa6c19c0c86e3686d7662528 ppc64le giflib-5.2.1-24.el10_2.ppc64le.rpm SHA-256: 7cfd046ee60e2903110c02311adcaebdec13c8be058beaf841a274265c461337 giflib-debuginfo-5.2.1-24.el10_2.ppc64le.rpm SHA-256: 978b8b27abb7b872f76e7283de1d284e1f9b6113ff238289e9e8fa4495ee029f giflib-debugsource-5.2.1-24.el10_2.ppc64le.rpm SHA-256: 7c5181a61a60fbf604e87c895bc30200a62939261683cae1fa0598de63c79c95 giflib-utils-debuginfo-5.2.1-24.el10_2.ppc64le.rpm SHA-256: 7f92767d23ded7079d3f07d9c31be0ba9aacaf04d34648b9f4698814ccdb2fe0 Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.2 SRPM giflib-5.2.1-24.el10_2.src.rpm SHA-256: aa8b15536f18636f0103dc85f4afeee43be30cedfa6c19c0c86e3686d7662528 ppc64le giflib-5.2.1-24.el10_2.ppc64le.rpm SHA-256: 7cfd046ee60e2903110c02311adcaebdec13c8be058beaf841a274265c461337 giflib-debuginfo-5.2.1-24.el10_2.ppc64le.rpm SHA-256: 978b8b27abb7b872f76e7283de1d284e1f9b6113ff238289e9e8fa4495ee029f giflib-debugsource-5.2.1-24.el10_2.ppc64le.rpm SHA-256: 7c5181a61a60fbf604e87c895bc30200a62939261683cae1fa0598de63c79c95 giflib-utils-debuginfo-5.2.1-24.el10_2.ppc64le.rpm SHA-256: 7f92767d23ded7079d3f07d9c31be0ba9aacaf04d34648b9f4698814ccdb2fe0 Red Hat Enterprise Linux for ARM 64 10 SRPM giflib-5.2.1-24.el10_2.src.rpm SHA-256: aa8b15536f18636f0103dc85f4afeee43be30cedfa6c19c0c86e3686d7662528 aarch64 giflib-5.2.1-24.el10_2.aarch64.rpm SHA-256: 344e47acab95064d03352e302d623d10ac4f86303d2bc436648aa3564d69c83a giflib-debuginfo-5.2.1-24.el10_2.aarch64.rpm SHA-256: 16c2901b82faf0fcde902badfb7b3eec393b801b0c39927a822c7182bda7f7f4 giflib-debugsource-5.2.1-24.el10_2.aarch64.rpm SHA-256: 7c3d9631381bc018b3a532bfb34c86bb6484ef233b3e876fc189897eba02cf12 giflib-utils-debuginfo-5.2.1-24.el10_2.aarch64.rpm SHA-256: 43bdbac93d91b92f79f624425e5a2b7936642be2921182b32c3b6769332c1b38 Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.2 SRPM giflib-5.2.1-24.el10_2.src.rpm SHA-256: aa8b15536f18636f0103dc85f4afeee43be30cedfa6c19c0c86e3686d7662528 aarch64 giflib-5.2.1-24.el10_2.aarch64.rpm SHA-256: 344e47acab95064d03352e302d623d10ac4f86303d2bc436648aa3564d69c83a giflib-debuginfo-5.2.1-24.el10_2.aarch64.rpm SHA-256: 16c2901b82faf0fcde902badfb7b3eec393b801b0c39927a822c7182bda7f7f4 giflib-debugsource-5.2.1-24.el10_2.aarch64.rpm SHA-256: 7c3d9631381bc018b3a532bfb34c86bb6484ef233b3e876fc189897eba02cf12 giflib-utils-debuginfo-5.2.1-24.el10_2.aarch64.rpm SHA-256: 43bdbac93d91b92f79f624425e5a2b7936642be2921182b32c3b6769332c1b38 Red Hat CodeReady Linux Builder for x86_64 10 SRPM x86_64 giflib-debuginfo-5.2.1-24.el10_2.x86_64.rpm SHA-256: 2eeff3b8307f84e0a90ee44de1dced83112b6d77592dfe63922785f194755980 giflib-debugsource-5.2.1-24.el10_2.x86_64.rpm SHA-256: 3bfb0752c8333e46d8972fe983516a41e498f902178f00b2e59ae7ae1146744b giflib-devel-5.2.1-24.el10_2.x86_64.rpm SHA-256: 45bc5db447618f916157efa6d19b09a5a61a7917a9263c48e040864dfaa43994 giflib-utils-debuginfo-5.2.1-24.el10_2.x86_64.rpm SHA-256: d37a04329e287a4481b51c51b50b0586f140785cde9cfeaec0b04868e5c2ac57 Red Hat CodeReady Linux Builder for Power, little endian 10 SRPM ppc64le giflib-debuginfo-5.2.1-24.el10_2.ppc64le.rpm SHA-256: 978b8b27abb7b872f76e7283de1d284e1f9b6113ff238289e9e8fa4495ee029f giflib-debugsource-5.2.1-24.el10_2.ppc64le.rpm SHA-256: 7c5181a61a60fbf604e87c895bc30200a62939261683cae1fa0598de63c79c95 giflib-devel-5.2.1-24.el10_2.ppc64le.rpm SHA-256: a63c8a7d7a2b441cd917d4d6d160578b76645eb50347dc9afc4f49b050c90014 giflib-utils-debuginfo-5.2.1-24.el10_2.ppc64le.rpm SHA-256: 7f92767d23ded7079d3f07d9c31be0ba9aacaf04d34648b9f4698814ccdb2fe0 Red Hat CodeReady Linux Builder for ARM 64 10 SRPM aarch64 giflib-debuginfo-5.2.1-24.el10_2.aarch64.rpm SHA-256: 16c2901b82faf0fcde902badfb7b3eec393b801b0c39927a822c7182bda7f7f4 giflib-debugsource-5.2.1-24.el10_2.aarch64.rpm SHA-256: 7c3d9631381bc018b3a532bfb34c86bb6484ef233b3e876fc189897eba02cf12 giflib-devel-5.2.1-24.el10_2.aarch64.rpm SHA-256: 17f9c66b95a1c0417afe661ec84698528f588097309cc2d3fff730128ccea621 giflib-utils-debuginfo-5.2.1-24.el10_2.aarch64.rpm SHA-256: 43bdbac93d