CVE-2026-4985
MEDIUMdloebl CGIF GIF Image cgif.c cgif_addframe integer overflow
Title source: cnaDescription
A vulnerability was identified in dloebl CGIF up to 0.5.2. This vulnerability affects the function cgif_addframe of the file src/cgif.c of the component GIF Image Handler. The manipulation of the argument width/height leads to integer overflow. The attack may be initiated remotely. The identifier of the patch is b0ba830093f4317a5d1f345715d2fa3cd2dab474. It is suggested to install a patch to address this issue.
References (7)
Core 7
Core References
Product product
https://github.com/dloebl/cgif/
Vdb Entry, Technical Description vdb-entry
technical-description
VDB-353874 | dloebl CGIF GIF Image cgif.c cgif_addframe integer overflow
https://vuldb.com/?id.353874
Signature, Permissions Required signature
permissions-required
VDB-353874 | CTI Indicators (IOB, IOC, IOA)
https://vuldb.com/?ctiid.353874
Third Party Advisory third-party-advisory
Submit #778278 | dloebl CGIF v0.4.0 to v0.5.2 Integer Overflow
https://vuldb.com/?submit.778278
Issue Tracking issue-tracking
https://github.com/dloebl/cgif/issues/110
Patch issue-tracking
patch
https://github.com/dloebl/cgif/pull/112
Scores
CVSS v3
4.3
EPSS
0.0049
EPSS Percentile
38.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-189
CWE-190
Status
published
Products (3)
dloebl/CGIF
0.5.0
dloebl/CGIF
0.5.1
dloebl/CGIF
0.5.2
Published
Mar 27, 2026
Tracked Since
Mar 29, 2026