CVE-2026-23868: Giflib contains a double-free vulnerability that is the result of a shallow copy in GifMakeSavedImage and incorrect error handling. The conditions needed to trigger this vulnerability are difficult but may be possible.

Overview

Severity

High (CVSS 7)

CVSS Vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploit Status

Not Exploited

Patch Tuesday

2026-Mar

Released

2026-03-12

Last Updated

2026-03-27

EPSS Score

0.02% (percentile: 5.6%)

Affected Products (4)

Mariner

• azl3 giflib 5.2.1-10 on Azure Linux 3.0

Open Source Software

• cbl2 giflib 5.2.1-10 on CBL Mariner 2.0
• azl3 tensorflow 2.16.1-11 on Azure Linux 3.0
• cbl2 tensorflow 2.11.1-2 on CBL Mariner 2.0

Revision History

• 2026-03-12: Information published.
• 2026-03-13: Information published.
• 2026-03-14: Information published.
• 2026-03-27: Information published.