Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4DescriptionCVE.org
A vulnerability was identified in dloebl CGIF up to 0.5.2. This vulnerability affects the function cgif_addframe of the file src/cgif.c of the component GIF Image Handler. The manipulation of the argument width/height leads to integer overflow. The attack may be initiated remotely. The identifier of the patch is b0ba830093f4317a5d1f345715d2fa3cd2dab474. It is suggested to install a patch to address this issue. VulDB is the best source for vulnerability data and more expert information about this specific topic.
AnalysisAI
Integer overflow in dloebl CGIF up to version 0.5.2 allows remote attackers to trigger availability impact via manipulation of width/height arguments in the cgif_addframe function. The vulnerability requires user interaction (UI:P) but can be exploited over the network with no authentication. A patch is available via upstream commit b0ba830093f4317a5d1f345715d2fa3cd2dab474.
Technical ContextAI
The vulnerability exists in the GIF image handler component of CGIF, specifically in the cgif_addframe function within src/cgif.c. The root cause is CWE-190 (Integer Overflow or Wraparound), which occurs when width and height parameters are not properly validated before being used in arithmetic operations or memory allocation calculations. When untrusted integer values overflow, they can cause unexpected behavior such as buffer overflows, memory corruption, or denial of service. CGIF is a library for creating animated GIF files, and the affected function is responsible for adding frames to animated GIFs. The CPE cpe:2.3:a:dloebl:cgif:*:*:*:*:*:*:*:* indicates all versions up to 0.5.2 are vulnerable.
RemediationAI
Upgrade dloebl CGIF to a version newer than 0.5.2 that includes the fix from commit b0ba830093f4317a5d1f345715d2fa3cd2dab474. The upstream patch is available at https://github.com/dloebl/cgif/pull/112 and the commit hash b0ba830093f4317a5d1f345715d2fa3cd2dab474. For users unable to immediately upgrade, implement input validation to reject GIF files with excessively large or suspicious width/height values. Applications that process GIFs should be configured to run with minimal privileges to limit the impact of a potential denial-of-service condition. Refer to https://github.com/dloebl/cgif/issues/110 for discussion of the vulnerability.
Same weakness CWE-190 – Integer Overflow or Wraparound
View allSame technique Integer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-16894
GHSA-j9q5-hw2p-xmcf