Description
An issue was discovered in bitbank2 AnimatedGIF v2.2.0. A buffer overflow in the DecodeLZW function allows remote attackers to cause a denial of service (crash) or potentially execute arbitrary code via a crafted GIF file.
Published: 2026-06-09
Score: 9.8 Critical
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A buffer overflow in the DecodeLZW function of bitbank2 AnimatedGIF allows a malicious GIF file to corrupt memory, enabling a crash or, if the overflow is properly leveraged, arbitrary code execution on the host system. This memory‑corruption weakness threatens the integrity of the application and, if exploited, could compromise confidentiality and availability of the affected system. Based on the description, it is inferred that the attacker can trigger this vulnerability by supplying a malicious GIF file to an environment that loads or processes GIF images through the vulnerable library.

Affected Systems

bitbank2 AnimatedGIF version 2.2.0 is affected. No other versions or vendors are listed in the advisory.

Risk and Exploitability

The CVSS score of 9.8 indicates critical severity. The EPSS score is not available and the vulnerability is not listed in the CISA KEV catalog. Although exploitation data is absent, the potential impact remains significant: an attacker must deliver a crafted GIF file to the vulnerable library or cause the library to process one. This can be achieved remotely by supplying the file to any exposed service that parses GIFs, or locally by running the application with the malicious file. Once triggered, the buffer overflow could lead to arbitrary code execution or a denial of service.

Generated by OpenCVE AI on June 9, 2026 at 23:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade AnimatedGIF to the latest released version that fixes the DecodeLZW buffer overflow.
  • Implement strict input validation for GIF files, rejecting any images that exceed expected size or contain suspicious LZW data before decoding.
  • Run image decoding in a restricted, sandboxed environment to limit the damage scope of any potential overflow exploitation.
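The input-validation action above can be implemented as a container-level gate that runs before any bytes reach the decoder. The following is an added example, not code from OpenCVE or from the AnimatedGIF project; `check_gif`, `GifRejected` and the `MAX_DIM` limit are assumptions chosen for illustration. The advisory does not describe the root cause inside DecodeLZW, so a file that passes this check is structurally sane but not proven safe, and the gate complements sandboxing rather than replacing it.

```python
import struct

MAX_DIM = 4096  # assumed policy limit, not a value taken from the advisory

class GifRejected(ValueError):
    """Raised when a GIF container fails a structural check."""

def _skip_sub_blocks(buf, pos):
    """Walk length-prefixed sub-blocks up to the 0-length terminator."""
    while pos < len(buf):
        size = buf[pos]
        if size == 0:
            return pos + 1
        pos += 1 + size
    raise GifRejected("sub-block chain truncated or unterminated")

def check_gif(buf):
    """Return the frame count if the container is well-formed, else raise."""
    if len(buf) < 13 or buf[:6] not in (b"GIF87a", b"GIF89a"):
        raise GifRejected("bad signature or short header")
    width, height, packed = struct.unpack_from("<HHB", buf, 6)
    if not (0 < width <= MAX_DIM and 0 < height <= MAX_DIM):
        raise GifRejected("canvas size outside policy")
    pos = 13 + (3 << ((packed & 7) + 1) if packed & 0x80 else 0)
    frames = 0
    while pos < len(buf):
        tag = buf[pos]
        if tag == 0x3B:                      # trailer: end of stream
            return frames
        if tag == 0x21:                      # extension: label + sub-blocks
            pos = _skip_sub_blocks(buf, pos + 2)
        elif tag == 0x2C:                    # image descriptor
            if pos + 10 > len(buf):
                raise GifRejected("truncated image descriptor")
            x, y, w, h, fpacked = struct.unpack_from("<HHHHB", buf, pos + 1)
            if w == 0 or h == 0 or x + w > width or y + h > height:
                raise GifRejected("frame does not fit the canvas")
            pos += 10 + (3 << ((fpacked & 7) + 1) if fpacked & 0x80 else 0)
            if pos >= len(buf) or not 2 <= buf[pos] <= 8:
                raise GifRejected("LZW minimum code size outside 2..8")
            pos = _skip_sub_blocks(buf, pos + 1)
            frames += 1
        else:
            raise GifRejected("unknown block tag 0x%02x" % tag)
    raise GifRejected("missing trailer")

# Constructed 1x1 sample (not from the advisory): header, 2-colour table, one frame.
SAMPLE = (b"GIF89a\x01\x00\x01\x00\x80\x00\x00\x00\x00\x00\xff\xff\xff"
          b",\x00\x00\x00\x00\x01\x00\x01\x00\x00\x02\x02D\x01\x00;")
```

Call `check_gif()` on the raw upload and pass the file to the decoder only when it returns without raising.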


Advisories

No advisories yet.

History

Tue, 09 Jun 2026 23:15:00 +0000

Type Values Removed Values Added
Title Buffer Overflow in AnimatedGIF’s DecodeLZW Allows Remote Code Execution

Tue, 09 Jun 2026 22:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-400

Tue, 09 Jun 2026 21:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-120
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 09 Jun 2026 20:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-400
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 09 Jun 2026 18:45:00 +0000

Type Values Removed Values Added
Description An issue was discovered in bitbank2 AnimatedGIF v2.2.0. A buffer overflow in the DecodeLZW function allows remote attackers to cause a denial of service (crash) or potentially execute arbitrary code via a crafted GIF file.
References

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-06-09T21:02:40.364Z

Reserved: 2026-03-04T00:00:00.000Z

Link: CVE-2026-30141

Vulnrichment

Updated: 2026-06-09T19:14:00.162Z

NVD

Status: Received

Published: 2026-06-09T19:17:32.447

Modified: 2026-06-09T22:16:22.460

Link: CVE-2026-30141

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-09T23:30:05Z

Weaknesses