{
  "threat_severity" : "Important",
  "public_date" : "2026-03-18T00:00:00Z",
  "bugzilla" : {
    "description" : "giflib: giflib: Denial of Service via buffer overflow in EGifGCBToExtension",
    "id" : "2448747",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2448747"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
    "status" : "draft"
  },
  "cwe" : "CWE-787",
  "details" : [ "Buffer Overflow vulnerability in giflib v.5.2.2 allows a remote attacker to cause a denial of service via the EGifGCBToExtension overwriting an existing Graphic Control Extension block without validating its allocated size.", "A flaw was found in giflib. A remote attacker can exploit a buffer overflow vulnerability in the EGifGCBToExtension function by providing a specially crafted Graphics Control Extension (GCE) block. This allows overwriting an existing GCE block without proper size validation, leading to a denial of service (DoS) on the system." ],
  "statement" : "The openjdk-headless packages do not include java.desktop, which is the only code that uses giflib. Therefore, headless-only environments are not affected.",
  "package_state" : [ {
    "product_name" : "Red Hat build of OpenJDK 11 ELS",
    "fix_state" : "Not affected",
    "package_name" : "java-11-openjdk",
    "cpe" : "cpe:/a:redhat:openjdk_els:11"
  }, {
    "product_name" : "Red Hat build of OpenJDK 11 ELS",
    "fix_state" : "Not affected",
    "package_name" : "java-11-openjdk-portable",
    "cpe" : "cpe:/a:redhat:openjdk_els:11"
  }, {
    "product_name" : "Red Hat build of OpenJDK 17",
    "fix_state" : "Not affected",
    "package_name" : "java-17-openjdk-portable",
    "cpe" : "cpe:/a:redhat:openjdk:17"
  }, {
    "product_name" : "Red Hat build of OpenJDK 1.8",
    "fix_state" : "Not affected",
    "package_name" : "java-1.8.0-openjdk-portable",
    "cpe" : "cpe:/a:redhat:openjdk:1.8"
  }, {
    "product_name" : "Red Hat build of OpenJDK 21",
    "fix_state" : "Not affected",
    "package_name" : "java-21-openjdk-portable",
    "cpe" : "cpe:/a:redhat:openjdk:21"
  }, {
    "product_name" : "Red Hat build of OpenJDK 25",
    "fix_state" : "Not affected",
    "package_name" : "java-25-openjdk-portable",
    "cpe" : "cpe:/a:redhat:openjdk:25"
  }, {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Affected",
    "package_name" : "giflib",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Not affected",
    "package_name" : "java-21-openjdk",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Not affected",
    "package_name" : "java-25-openjdk",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Will not fix",
    "package_name" : "giflib",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "giflib",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "java-1.8.0-openjdk",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Affected",
    "package_name" : "giflib",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "java-17-openjdk",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "java-1.8.0-openjdk",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "java-21-openjdk",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Affected",
    "package_name" : "giflib",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "java-17-openjdk",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "java-1.8.0-openjdk",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "java-21-openjdk",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "java-25-openjdk",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2026-26740\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-26740\nhttps://github.com/zakkanijia/POC/blob/main/giflib/giftool/giflib_giftool_gce_len_heap_oobwrite_disclosure.md" ],
  "name" : "CVE-2026-26740",
  "mitigation" : {
    "value" : "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
    "lang" : "en:us"
  },
  "csaw" : false
}