CVE-2026-26740

high

Red Hat

CVSS v3 Base Score

7.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Characteristics

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Confidentiality

None

Integrity

None

Availability

High

Published: March 18, 2026 (57 days ago)

Last Modified: March 18, 2026

Vendor: Red Hat

Source: REDHAT

Description

A flaw was found in giflib. A remote attacker can exploit a buffer overflow vulnerability in the EGifGCBToExtension function by providing a specially crafted Graphics Control Extension (GCE) block. This allows overwriting an existing GCE block without proper size validation, leading to a denial of service (DoS) on the system.

CWE

CWE-787

Affected Products

Red Hat build of OpenJDK 11 ELSRed Hat build of OpenJDK 17Red Hat build of OpenJDK 1.8Red Hat build of OpenJDK 21Red Hat build of OpenJDK 25Red Hat Enterprise Linux 10Red Hat Enterprise Linux 6Red Hat Enterprise Linux 7Red Hat Enterprise Linux 8Red Hat Enterprise Linux 9

References

🔗 bugzilla.redhat.com 🔗 www.cve.org 🔗 nvd.nist.gov 🔗 github.com

CVE-2026-26740

Vulnerability Report

Description

CWE

Affected Products

References