
Red Hat EUVD-2026-12914

CVE-2026-26740 HIGH
Out-of-bounds Write (CWE-787)
Published: 2026-03-18 (mitre)
Score: 8.2 (CVSS 3.1 · NVD)

Severity by source

NVD (primary): 8.2 HIGH, AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
SUSE: HIGH (qualitative)
Red Hat: 7.5 HIGH (qualitative)

Primary rating from NVD.

CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: Low
Availability: High

Lifecycle Timeline

5 events:
Patch released: Apr 10, 2026 - 08:30 (nvd), Patch available
PoC Detected: Mar 21, 2026 - 00:09 (vuln.today), Public exploit code
EUVD ID Assigned: Mar 18, 2026 - 18:15 (euvd), EUVD-2026-12914
Analysis Generated: Mar 18, 2026 - 18:15 (vuln.today)
CVE Published: Mar 18, 2026 - 00:00 (nvd), HIGH 8.2

Description (CVE.org)

Buffer Overflow vulnerability in giflib v.5.2.2 allows a remote attacker to cause a denial of service via the EGifGCBToExtension overwriting an existing Graphic Control Extension block without validating its allocated size.

Analysis (AI)

Giflib 5.2.2 contains a buffer overflow in the EGifGCBToExtension function that fails to validate allocated memory when processing Graphic Control Extension blocks, enabling remote attackers to trigger denial of service conditions. Public exploit code exists for this vulnerability, though no patch is currently available. …

Attack Chain (AI, Derived)

Hypothetical attack flow derived from CVE metadata

Access: Send crafted GIF file with malformed Graphic Control Extension
Exploit: Parser calls EGifGCBToExtension without size validation
Execution: Buffer overflow overwrites adjacent memory
Impact: Denial of service or data corruption occurs

Vulnerability Assessment (AI)

Exploitation: Victim must process a crafted GIF file containing a malformed Graphic Control Extension block using giflib v.5.2.2. …
Risk Assessment: Despite the absence of a formal CVSS vector and EPSS score, multiple risk indicators suggest this is a genuine but contained threat. …
Exploit Scenario: An attacker crafts a malicious GIF file with a specially sized Graphic Control Extension block that violates memory allocation assumptions in the EGifGCBToExtension function. When a vulnerable application (e.g., an image processing server or automated thumbnail generator) attempts to process the GIF, the buffer overflow is triggered, causing heap corruption and an application crash. …
Remediation: Upgrade giflib to version 5.2.3 or later (refer to the official giflib repository at https://github.com/jhalley/giflib for patched releases). …

Recommended Action (AI)

Within 7 days: Identify all affected systems and apply vendor patches promptly. …
Vendor Status (Vendor)

SUSE

Severity: High
Product status:
SUSE Linux Enterprise Desktop 15 SP7: Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7: Fixed
SUSE Linux Enterprise Module for Basesystem 15 SP7: Fixed
SUSE Linux Enterprise Server 15 SP7: Fixed
SUSE Linux Enterprise Server 16.0: Fixed

EUVD-2026-12914 vulnerability details – vuln.today