{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23868", "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827", "state": "PUBLISHED", "assignerShortName": "Meta", "dateReserved": "2026-01-16T19:49:26.309Z", "datePublished": "2026-03-10T18:53:25.606Z", "dateUpdated": "2026-03-11T15:44:58.572Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "product": "giflib", "vendor": "giflib", "versions": [{"lessThanOrEqual": "6.1.1", "status": "affected", "version": "5.0.0", "versionType": "semver"}]}], "dateAssigned": "2026-03-05T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "Giflib contains a double-free vulnerability that is the result of a shallow copy in GifMakeSavedImage and incorrect error handling. The conditions needed to trigger this vulnerability are difficult but may be possible."}], "problemTypes": [{"descriptions": [{"description": "CWE-415: Double Free", "lang": "en"}]}], "providerMetadata": {"orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827", "shortName": "Meta", "dateUpdated": "2026-03-10T18:53:25.606Z"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.facebook.com/security/advisories/cve-2026-23868"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://sourceforge.net/p/giflib/code/ci/f5b7267aed3665ef025c13823e454170d031c106/tree/gifalloc.c?diff=5146815377b7395944cb683a08c43eee3f631eb7"}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-415", "lang": "en", "description": "CWE-415 Double Free"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.1, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-03-11T15:44:19.761510Z", "id": "CVE-2026-23868", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-11T15:44:58.572Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.1, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-23868", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-11T15:44:19.761510Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-415", "description": "CWE-415 Double Free"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-11T15:43:32.269Z"}}], "cna": {"affected": [{"vendor": "giflib", "product": "giflib", "versions": [{"status": "affected", "version": "5.0.0", "versionType": "semver", "lessThanOrEqual": "6.1.1"}], "defaultStatus": "affected"}], "references": [{"url": "https://www.facebook.com/security/advisories/cve-2026-23868", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://sourceforge.net/p/giflib/code/ci/f5b7267aed3665ef025c13823e454170d031c106/tree/gifalloc.c?diff=5146815377b7395944cb683a08c43eee3f631eb7", "tags": ["x_refsource_CONFIRM"]}], "dateAssigned": "2026-03-05T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "Giflib contains a double-free vulnerability that is the result of a shallow copy in GifMakeSavedImage and incorrect error handling. The conditions needed to trigger this vulnerability are difficult but may be possible."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-415: Double Free"}]}], "providerMetadata": {"orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827", "shortName": "Meta", "dateUpdated": "2026-03-10T18:53:25.606Z"}}}, "cveMetadata": {"cveId": "CVE-2026-23868", "state": "PUBLISHED", "dateUpdated": "2026-03-11T15:44:58.572Z", "dateReserved": "2026-01-16T19:49:26.309Z", "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827", "datePublished": "2026-03-10T18:53:25.606Z", "assignerShortName": "Meta"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Giflib contains a double-free vulnerability that is the result of a shallow copy in GifMakeSavedImage and incorrect error handling. The conditions needed to trigger this vulnerability are difficult but may be possible."}, {"lang": "es", "value": "Giflib contiene una vulnerabilidad de doble liberaci\u00f3n que es el resultado de una copia superficial en GifMakeSavedImage y un manejo de errores incorrecto. Las condiciones necesarias para activar esta vulnerabilidad son dif\u00edciles pero pueden ser posibles."}], "id": "CVE-2026-23868", "lastModified": "2026-03-11T16:16:26.900", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.4, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-10T20:16:25.517", "references": [{"source": "cve-assign@fb.com", "url": "https://sourceforge.net/p/giflib/code/ci/f5b7267aed3665ef025c13823e454170d031c106/tree/gifalloc.c?diff=5146815377b7395944cb683a08c43eee3f631eb7"}, {"source": "cve-assign@fb.com", "url": "https://www.facebook.com/security/advisories/cve-2026-23868"}], "sourceIdentifier": "cve-assign@fb.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-415"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"bugzilla": {"description": "giflib: Giflib: Double-free vulnerability leading to memory corruption", "id": "2446207", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2446207"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.0", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-825", "details": ["No description is available for this CVE."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2026-23868", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "giflib", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "giflib", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "giflib", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "giflib", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "giflib", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-03-10T18:53:25Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-23868\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-23868\nhttps://sourceforge.net/p/giflib/code/ci/f5b7267aed3665ef025c13823e454170d031c106/tree/gifalloc.c?diff=5146815377b7395944cb683a08c43eee3f631eb7\nhttps://www.facebook.com/security/advisories/cve-2026-23868"], "threat_severity": "Important"}