Description
A vulnerability was identified in dloebl CGIF up to 0.5.2. This vulnerability affects the function cgif_addframe of the file src/cgif.c of the component GIF Image Handler. The manipulation of the argument width/height leads to integer overflow. The attack may be initiated remotely. The identifier of the patch is b0ba830093f4317a5d1f345715d2fa3cd2dab474. It is suggested to install a patch to address this issue.
Published: 2026-03-27
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service via integer overflow
Action: Apply Patch
AI Analysis

Impact

The CGIF GIF image handler contains a flaw in its cgif_addframe function: maliciously crafted width or height parameters lead to an integer overflow. The wrapped value can disrupt memory handling, potentially causing a crash or other unpredictable behavior that results in a denial of service. The weakness corresponds to insufficient bounds checking and numeric errors (CWE-189, Numeric Errors; CWE-190, Integer Overflow or Wraparound).
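To illustrate the failure mode the record names, the following is an added example of overflow-safe frame sizing in C. It is not CGIF's code or its patch; the function names, the bytes-per-pixel argument and the 256 MiB cap are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Assumed policy cap for a single frame buffer (not from CGIF): 256 MiB. */
#define MAX_FRAME_BYTES (256u * 1024u * 1024u)

/* Naive sizing, shown only to expose the hazard: GIF width and height are
 * 16-bit fields, and a 32-bit product width * height * bytes_per_pixel
 * silently wraps. With width = height = 32768 and 4 bytes per pixel the true
 * size is 2^32, which wraps to 0; an allocator asked for 0 bytes hands back
 * a buffer that every subsequent pixel write overruns. */
uint32_t frame_bytes_naive(uint16_t width, uint16_t height, uint8_t bpp)
{
    return (uint32_t)width * (uint32_t)height * (uint32_t)bpp;
}

/* Checked sizing: compute in 64 bits (16-bit operands cannot overflow it),
 * reject empty dimensions, and enforce the cap so that a hostile file cannot
 * make the decoder commit to a multi-gigabyte allocation either.
 * Returns the byte count, or 0 when the frame must be rejected. */
size_t frame_bytes_checked(uint16_t width, uint16_t height, uint8_t bpp)
{
    if (width == 0 || height == 0 || bpp == 0)
        return 0;                         /* degenerate frame */
    uint64_t bytes = (uint64_t)width * (uint64_t)height * (uint64_t)bpp;
    if (bytes > MAX_FRAME_BYTES)
        return 0;                         /* exceeds the policy cap */
    return (size_t)bytes;                 /* cap fits size_t on 32/64-bit hosts */
}

int main(void)
{
    /* Constructed inputs: an ordinary frame and a hostile one. */
    printf("320x200x1     naive=%u checked=%zu\n",
           frame_bytes_naive(320, 200, 1), frame_bytes_checked(320, 200, 1));
    printf("32768x32768x4 naive=%u checked=%zu\n",
           frame_bytes_naive(32768, 32768, 4),
           frame_bytes_checked(32768, 32768, 4));
    return 0;
}
```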

Affected Systems

Versions of the CGIF component distributed by dloebl up to and including 0.5.2 are vulnerable. Systems that embed the CGIF library for GIF processing without upgrading or patching are at risk. No other vendors or product versions are indicated as affected.

Risk and Exploitability

The CVSS base score of 5.3 denotes moderate severity. No EPSS data are available, and the vulnerability is not listed in the CISA KEV catalog, which suggests it is not widely exploited yet. The description states that the attack may be initiated remotely, indicating that an external user can trigger the overflow by supplying a crafted GIF image to the vulnerable function. No privileges are required to trigger it, and the recorded impact is to availability only, so the risk is limited to service availability rather than confidentiality or integrity compromise.

Generated by OpenCVE AI on March 28, 2026 at 06:11 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the patch from commit b0ba830093f4317a5d1f345715d2fa3cd2dab474 to fix the integer overflow in cgif_addframe.

Advisories

No advisories yet.

History

Sat, 28 Mar 2026 03:15:00 +0000

Type          Values Removed   Values Added
Description   -                A vulnerability was identified in dloebl CGIF up to 0.5.2. This vulnerability affects the function cgif_addframe of the file src/cgif.c of the component GIF Image Handler. The manipulation of the argument width/height leads to integer overflow. The attack may be initiated remotely. The identifier of the patch is b0ba830093f4317a5d1f345715d2fa3cd2dab474. It is suggested to install a patch to address this issue.
Title         -                dloebl CGIF GIF Image cgif.c cgif_addframe integer overflow
Weaknesses    -                CWE-189, CWE-190
References    -                -
Metrics       -                cvssV2_0: score 5, vector AV:N/AC:L/Au:N/C:N/I:N/A:P/E:ND/RL:OF/RC:C
                               cvssV3_0: score 4.3, vector CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C
                               cvssV3_1: score 4.3, vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C
                               cvssV4_0: score 5.3, vector CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X

MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-03-27T22:18:22.805Z

Reserved: 2026-03-27T12:47:40.382Z

Link: CVE-2026-4985

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-03-27T22:16:23.290

Modified: 2026-03-27T23:17:18.857

Link: CVE-2026-4985

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-29T20:29:38Z

Weaknesses