Description
A vulnerability was identified in dloebl CGIF up to 0.5.2. This vulnerability affects the function cgif_addframe of the file src/cgif.c of the component GIF Image Handler. The manipulation of the argument width/height leads to integer overflow. The attack may be initiated remotely. The identifier of the patch is b0ba830093f4317a5d1f345715d2fa3cd2dab474. It is suggested to install a patch to address this issue.
Published: 2026-03-27
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service via integer overflow
Action: Apply Patch
AI Analysis

Impact

The CGIF GIF image handler contains a flaw in its cgif_addframe function (src/cgif.c): width or height values supplied to the function can drive the arithmetic derived from them to an integer overflow. The wrapped result is then used in memory handling, so the outcome is a crash or other unpredictable behaviour that amounts to a denial of service. The weakness is classified as CWE-190 (Integer Overflow or Wraparound) under the broader CWE-189 (Numeric Errors) category.
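As an illustration of the bug class only (an added example, not cgif's own code and not the patched logic, whose exact arithmetic this record does not show): a naive width*height size computation that wraps modulo 2^32, beside a hardened version that caps dimensions at GIF's 16-bit limit, checks every multiplication against SIZE_MAX, and tests the frame rectangle against the canvas without an addition that could itself wrap. The names naive_frame_bytes, checked_frame_bytes, frame_fits_canvas, add_frame_copy and the frame_t struct are hypothetical, and the inputs in main are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* GIF stores logical-screen and image width/height as 16-bit fields,
 * so anything above 65535 can never be a legitimate dimension. */
#define GIF_MAX_DIM 65535u

/* Naive buffer-size computation, constructed to show the failure mode:
 * the product wraps modulo 2^32, so 65536 x 65537 "needs" only 65536
 * bytes while a caller that trusts it goes on to write far more. */
uint32_t naive_frame_bytes(uint32_t width, uint32_t height)
{
    return width * height;
}

/* Hardened equivalent. Returns the byte count, or 0 if the geometry is
 * rejected (0 is never a valid frame size here, so it is a safe sentinel).
 * The GIF_MAX_DIM cap is the domain check that catches bad input first;
 * the SIZE_MAX divisions are the general guard that stays correct if the
 * cap is ever relaxed or a per-pixel factor is added. */
size_t checked_frame_bytes(uint32_t width, uint32_t height, size_t bytes_per_pixel)
{
    if (width == 0 || height == 0 || bytes_per_pixel == 0)
        return 0;
    if (width > GIF_MAX_DIM || height > GIF_MAX_DIM)
        return 0;
    size_t w = width, h = height;
    if (w > SIZE_MAX / h)                    /* w * h would overflow size_t */
        return 0;
    size_t pixels = w * h;
    if (pixels > SIZE_MAX / bytes_per_pixel) /* pixels * bpp would overflow */
        return 0;
    return pixels * bytes_per_pixel;
}

/* Does the frame rectangle lie inside the canvas? Written with subtraction
 * so that left + width cannot wrap around. Returns 1 if it fits, else 0. */
int frame_fits_canvas(uint32_t canvas_w, uint32_t canvas_h,
                      uint32_t left, uint32_t top,
                      uint32_t width, uint32_t height)
{
    if (left > canvas_w || width > canvas_w - left)
        return 0;
    if (top > canvas_h || height > canvas_h - top)
        return 0;
    return 1;
}

typedef struct {
    uint32_t left, top, width, height;
    const uint8_t *pixels;   /* width * height palette indices, 1 byte each */
} frame_t;

/* Hypothetical add-frame step (not cgif's API): validate the geometry, then
 * allocate exactly the checked size and copy the pixel data into it.
 * Returns the new buffer (caller frees) and its length, or NULL on rejection. */
uint8_t *add_frame_copy(uint32_t canvas_w, uint32_t canvas_h,
                        const frame_t *fr, size_t *len_out)
{
    size_t n = checked_frame_bytes(fr->width, fr->height, 1);
    if (n == 0 || !frame_fits_canvas(canvas_w, canvas_h,
                                     fr->left, fr->top, fr->width, fr->height))
        return NULL;
    uint8_t *buf = malloc(n);
    if (buf == NULL)
        return NULL;
    memcpy(buf, fr->pixels, n);
    *len_out = n;
    return buf;
}

int main(void)
{
    /* Constructed inputs: one wrapping geometry, one valid and one bad 2x2 frame. */
    printf("naive   65536x65537 -> %u bytes (wrapped)\n",
           (unsigned)naive_frame_bytes(65536u, 65537u));
    printf("checked 65536x65537 -> %zu (0 = rejected)\n",
           checked_frame_bytes(65536u, 65537u, 1));

    static const uint8_t px[4] = { 1, 2, 3, 4 };
    frame_t ok  = { 98, 98, 2, 2, px };   /* touches the bottom-right corner */
    frame_t bad = { 99, 99, 2, 2, px };   /* one pixel past the canvas edge */
    size_t len = 0;
    uint8_t *buf = add_frame_copy(100, 100, &ok, &len);
    printf("ok frame  -> %s, %zu bytes\n", buf ? "accepted" : "rejected", len);
    free(buf);
    printf("bad frame -> %s\n",
           add_frame_copy(100, 100, &bad, &len) ? "accepted" : "rejected");
    return 0;
}
```

Build with `cc -std=c11 -Wall example.c`. The order of checks matters: the dimension cap rejects most hostile input before any multiplication happens, and returning 0 rather than a partially valid size means a caller cannot accidentally use a rejected result as an allocation length.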

Affected Systems

Versions of dloebl's CGIF up to and including 0.5.2 are vulnerable. Applications that link or vendor CGIF for GIF processing and have neither upgraded past 0.5.2 nor applied the referenced patch are at risk. No other vendors or product versions are indicated as affected.

Risk and Exploitability

The CVSS 4.0 base score of 5.3 (vector AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L) denotes moderate severity: the flaw is network-reachable and needs no privileges, but it requires passive user interaction (UI:P) and affects availability only (VA:L). The EPSS estimate is below 1%, the vulnerability is not listed in the CISA KEV catalog, and the SSVC assessment records Exploitation: none and Automatable: no, so there is no indication of exploitation in the wild. The description states that the attack may be initiated remotely, meaning an external party who can influence the width/height values passed to cgif_addframe (for example, through an application that forwards attacker-controlled dimensions to the library) can trigger the overflow. Confidentiality and integrity are not affected; the impact is limited to service availability.

Generated by OpenCVE AI on March 28, 2026 at 06:11 UTC.

Remediation

No separate vendor advisory or workaround is published; the fix is the commit referenced in the description (b0ba830093f4317a5d1f345715d2fa3cd2dab474).

OpenCVE Recommended Actions

  • Apply the patch from commit b0ba830093f4317a5d1f345715d2fa3cd2dab474 to fix the integer overflow in cgif_addframe.


Advisories

No advisories yet.

History

Mon, 30 Mar 2026 17:15:00 +0000

Metrics added: ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 30 Mar 2026 07:15:00 +0000

First Time appeared: Dloebl, Dloebl cgif
Vendors & Products added: Dloebl, Dloebl cgif

Sat, 28 Mar 2026 03:15:00 +0000

Description added: A vulnerability was identified in dloebl CGIF up to 0.5.2. This vulnerability affects the function cgif_addframe of the file src/cgif.c of the component GIF Image Handler. The manipulation of the argument width/height leads to integer overflow. The attack may be initiated remotely. The identifier of the patch is b0ba830093f4317a5d1f345715d2fa3cd2dab474. It is suggested to install a patch to address this issue.
Title added: dloebl CGIF GIF Image cgif.c cgif_addframe integer overflow
Weaknesses added: CWE-189, CWE-190
References added: none listed
Metrics added:

cvssV2_0

{'score': 5, 'vector': 'AV:N/AC:L/Au:N/C:N/I:N/A:P/E:ND/RL:OF/RC:C'}

cvssV3_0

{'score': 4.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C'}

cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C'}

cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-03-30T15:48:41.448Z

Reserved: 2026-03-27T12:47:40.382Z

Link: CVE-2026-4985

Vulnrichment

Updated: 2026-03-30T15:48:36.209Z

NVD

Status : Deferred

Published: 2026-03-27T22:16:23.290

Modified: 2026-04-24T16:36:24.067

Link: CVE-2026-4985

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-30T07:00:04Z

Weaknesses