Fedora Account System
Red Hat Associate
Red Hat Customer
Buffer Overflow vulnerability in giflib v.5.2.2 allows a remote attacker to cause a denial of service via the EGifGCBToExtension overwriting an existing Graphic Control Extension block without validating its allocated size.
Hi, team. I hope you're doing well. Do we have an ETA for the fix for this CVE-2026-26740 vulnerability to the Red Hat build of OpenJDK 21 (java-21-openjdk-portable)? Regards.
Hi, Here is a public disclosure of the issue: https://github.com/zakkanijia/POC/blob/main/giflib/giftool/giflib_giftool_gce_len_heap_oobwrite_disclosure.md The affected components are the EGifGCBToExtension and EGifGCBToSavedExtension functions, implemented in egif_lib.c: https://sourceforge.net/p/giflib/code/ci/6.1.3/tree/egif_lib.c#l658 https://sourceforge.net/p/giflib/code/ci/6.1.3/tree/egif_lib.c#l675 This is not resolved in GifLib upstream yet, probably addressed by one of the patches attached to the following issues: GifLib bug #199: Buffer Overflow vulnerability in giflib https://sourceforge.net/p/giflib/bugs/199/ GifLib bug #201: Heap buffer overflow in EGifGCBToSavedExtension on malformed Graphics Control Extension https://sourceforge.net/p/giflib/bugs/201/ Here is a discussion with the maintainers, where they mention a fix is in the pipeline: https://sourceforge.net/p/giflib/mailman/giflib-devel/thread/SAWPR05MB99856275F12A2F9834E58B8CE9B356A%40SAWPR05MB998562.namprd05.prod.outlook.com/#msg59313739 However, OpenJDK sources do not include egif_lib.c, and the only occurrences of these functions in OpenJDK code are their declarations in gif_lib.h: https://github.com/openjdk/jdk/blob/jdk-27+22/src/java.desktop/share/native/libsplashscreen/giflib/gif_lib.h#L282-L283 https://github.com/openjdk/jdk/blob/jdk-27+22/src/java.desktop/share/native/libsplashscreen/giflib/gif_lib.h#L287-L288 Thus, to my understanding, none of the OpenJDK versions are affected by CVE-2026-26740, because they do NOT ship the vulnerable code.
This issue has been addressed in the following products: Red Hat Enterprise Linux 10.0 Extended Update Support Via RHSA-2026:33447 https://access.redhat.com/errata/RHSA-2026:33447
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On Via RHSA-2026:33450 https://access.redhat.com/errata/RHSA-2026:33450
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.6 Extended Update Support Via RHSA-2026:33451 https://access.redhat.com/errata/RHSA-2026:33451
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On Via RHSA-2026:33455 https://access.redhat.com/errata/RHSA-2026:33455
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions Via RHSA-2026:33452 https://access.redhat.com/errata/RHSA-2026:33452
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions Red Hat Enterprise Linux 8.8 Telecommunications Update Service Via RHSA-2026:33456 https://access.redhat.com/errata/RHSA-2026:33456
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions Via RHSA-2026:33509 https://access.redhat.com/errata/RHSA-2026:33509
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2026:33503 https://access.redhat.com/errata/RHSA-2026:33503
This issue has been addressed in the following products: Red Hat Enterprise Linux 10 Via RHSA-2026:33502 https://access.redhat.com/errata/RHSA-2026:33502
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2026:33501 https://access.redhat.com/errata/RHSA-2026:33501