CVE-2026-23868
Giflib contains a double-free vulnerability that is the result of a shallow copy in GifMakeSavedImage and incorrect error handling. The cond
CVSS
5.1
Medium
EPSS
0.1%
p4
KEV
—
Exploit Today
1
0-100
Published: Mar 10, 2026 · Last modified: Jul 15, 2026 · CWE-415 · CWE-825
0.1%EPSS · 30 days0.1%
2026-06-302026-07-16
Giflib contains a double-free vulnerability that is the result of a shallow copy in GifMakeSavedImage and incorrect error handling. The conditions needed to trigger this vulnerability are difficult but may be possible.
- sourceforge.nethttps://sourceforge.net/p/giflib/code/ci/f5b7267aed3665ef025c13823e454170d031c106/tree/gifalloc.c?diff=5146815377b7395944cb683a08c43eee3f631eb7
- www.facebook.comhttps://www.facebook.com/security/advisories/cve-2026-23868
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:16008
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:16009
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:16030
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:16174
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:19154
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:19367
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:19724
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:19725
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:25096
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:8858
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:8859
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:8861
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:8883
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:8884
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:8885
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:8886
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:8887
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:9290
CVECVSSEPSSKEVRExploitTitleMod.
CVE-2026-239188.8 HIG98.7%
——30Double Free and possible RCE vulnerability in Apache HTTP Server with the HTTP/2 protocol.
This issue affects Apache HTTP Server: 2.4.66.
Users are recommended to upgrade to version 2.4.67, which fixes the issue.3dCVE-2026-335267.5 HIG94.7%
——28Squid is a caching proxy for the Web. Prior to version 7.5, due to heap Use-After-Free, Squid is vulnerable to Denial of Service when handling ICP traffic. This problem allows a remote attacker to perform a reliable and repeatable Denial of Service attack against the Squid service using ICP protocol. This attack is limited to Squid deployments that explicitly enable ICP support (i.e. configure non-zero `icp_port`). This problem _cannot_ be mitigated by denying ICP queries using `icp_access` rules. Version 7.5 contains a patch.3dCVE-2026-454478.8 HIG84.4%
——25Issue summary: A specially crafted PKCS#7 or S/MIME signed message could
trigger a use-after-free during PKCS#7 signature verification.
Impact summary: A use-after-free may result in process crashes, heap
corruption, or potentially remote code execution.
When processing a PKCS#7 or S/MIME signed message, if the SignedData
digestAlgorithms field is present as an empty ASN.1 SET, OpenSSL may
incorrectly free a caller-owned BIO during PKCS7_verify(). A subsequent
use of the BIO by the calling application results in a use-after-free
condition.
In the common case this occurs when the application later calls
BIO_free() on the BIO originally passed to PKCS7_verify(). Depending
on allocator behavior and application-specific BIO usage patterns, this
may result in a crash or other memory corruption. In some application
contexts this may potentially be exploitable for remote code execution.
Applications that process PKCS#7 or S/MIME signed messages using OpenSSL
PKCS#7 APIs may be affected. Applications using the CMS APIs for this
processing are not affected.
The FIPS modules in 4.0, 3.6, 3.5, 3.4, and 3.0 are not affected by this
issue, as the affected code is outside the OpenSSL FIPS module boundary.2dCVE-2026-35937.4 HIG76.6%
——23A use-after-free vulnerability exists within the DNS-over-HTTPS implementation.
This issue affects BIND 9 versions 9.20.0 through 9.20.22, 9.21.0 through 9.21.21, and 9.20.9-S1 through 9.20.22-S1.
BIND 9 versions 9.18.0 through 9.18.48 and 9.18.11-S1 through 9.18.48-S1 are NOT affected.3dCVE-2026-89259.8 CRI61.3%
——18The curl logic that works with SASL authentication could end up cleaning up
the GSASL context *twice* without clearing the pointer in between, making it
`free()` the same pointer twice.10dCVE-2026-338117.5 HIG52.9%
——16When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash.1d