CVE-2026-5186

A flaw was found in Nothings stb, affecting its Multi-frame GIF File Handler. A local attacker can exploit a double free vulnerability by manipulating a specific function within the stbimage.h file. This can lead to memory corruption, which may result in a denial of service, making the system...

CVE-2026-5186

The CVE concerns Nothings stb up to 2.30, specifically the Multi-frame GIF File Handler’s stb_image.h function stbi__load_gif_main. A manipulation leads to a double-free, with exploitation requiring local access. Public exploit has been made available. Vendor was contacted early but did not respo...

CVE-2026-5185

A security flaw has been discovered in Nothings stbimage up to 2.30. This affects the function stbigifloadnext of the file stbimage.h of the component Multi-frame GIF File Handler. The manipulation results in heap-based buffer overflow. The attack requires a local approach. The exploit has been...

Updated optipng packages fix a security vulnerability

Updated the optipng package to fix a security vulnerability CVE-2023-43907 and other bugs. The GIF handler was vulnerable to a global buffer overflow...

PT-2023-8922 · Optipng +3 · Optipng +3

Name of the Vulnerable Software and Affected Versions: OptiPNG version 0.7.7 Description: The issue is related to a global buffer overflow via the buffer variable at gifread.c. This can potentially allow an attacker to cause a denial of service or other impact. Recommendations: For OptiPNG versio...

qt5-qtbase: QImage allocation failure in qgifhandler

An issue was discovered in Qt before 5.11.3. A malformed GIF image causes a NULL pointer dereference in QGifHandler resulting in a segmentation fault...