From c79e81c367fae15d35f992c4efb7ed92fdb594a8 Mon Sep 17 00:00:00 2001
From: Michal Hlavinka
Date: Tue, 24 Mar 2026 10:39:05 +0100
Subject: [PATCH] fix CVE-2026-23868: double free in GifMakeSavedImage (RHEL-154853)

Resolves: RHEL-154853
---
 giflib-5.1.8-cve-2026-23868.patch | 18 ++++++++++++++++++
 giflib.spec | 8 +++++++-
 2 files changed, 25 insertions(+), 1 deletion(-)
 create mode 100644 giflib-5.1.8-cve-2026-23868.patch
diff --git a/giflib-5.1.8-cve-2026-23868.patch b/giflib-5.1.8-cve-2026-23868.patch
new file mode 100644
index 0000000..5b9a501
--- /dev/null
+++ b/giflib-5.1.8-cve-2026-23868.patch
@@ -0,0 +1,18 @@
+--- a/lib/gifalloc.c
++++ b/lib/gifalloc.c
+@@ -349,6 +349,14 @@
+ * problems.
+ */
+ 
++ /* Null out aliased pointers before any allocations
++ * so that FreeLastSavedImage won't free CopyFrom's
++ * data if an allocation fails partway through. */
++ sp->ImageDesc.ColorMap = NULL;
++ sp->RasterBits = NULL;
++ sp->ExtensionBlocks = NULL;
++ sp->ExtensionBlockCount = 0;
++
+ /* first, the local color map */
+ if (sp->ImageDesc.ColorMap != NULL) {
+ sp->ImageDesc.ColorMap = GifMakeMapObject(
+
diff --git a/giflib.spec b/giflib.spec
index 80d0066..3c3950b 100644
--- a/giflib.spec
+++ b/giflib.spec
@@ -1,7 +1,7 @@
 Name: giflib
 Summary: A library and utilities for processing GIFs
 Version: 5.1.4
-Release: 3%{?dist}
+Release: 4%{?dist}
 License: MIT
 URL: http://www.sourceforge.net/projects/%{name}/
@@ -9,6 +9,9 @@ Source: http://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.b
 Patch0: giflib-5.1.4-coverity.patch
 Patch1: giflib-5.1.4-html-docs-consistent-ids.patch
+# from upstream, for <= 6.1.1, RHEL-154853
+# https://sourceforge.net/p/giflib/code/ci/f5b7267aed3665ef025c13823e454170d031c106/
+Patch2: giflib-5.1.8-cve-2026-23868.patch
 BuildRequires: autoconf automake libtool
 BuildRequires: gcc
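Review bot: In the embedded lib/gifalloc.c hunk, `sp->ImageDesc.ColorMap` is set to NULL immediately before the unchanged guard `if (sp->ImageDesc.ColorMap != NULL) {`, so that guard can no longer be true and the local colour map would never be duplicated into the new SavedImage. The guard should test the source record instead: `if (CopyFrom->ImageDesc.ColorMap != NULL) {`. The rest of GifMakeSavedImage lies outside the hunk; if the extension-block copy further down is likewise keyed on `sp->ExtensionBlocks` or sized from `sp->ExtensionBlockCount`, it needs the same switch to `CopyFrom->…`, with the count restored after a successful copy. A regression test that copies an image carrying a local colour map and extension blocks would confirm the backport removes the double free without silently dropping data.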
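Review bot: `Patch2:` is declared in the second giflib.spec hunk, but the diffstat's seven insertions are fully accounted for by the Release bump, the three Patch2 lines and the changelog entry, so nothing was added to %prep. %prep is outside the visible hunks; if it applies patches with explicit `%patch0`/`%patch1` lines rather than `%autosetup` or `%autopatch`, the CVE fix would ship unapplied and a line such as `%patch2 -p1` is needed. Confirming in the build log that Patch2 applies cleanly is worthwhile, since the file is named for 5.1.8 while `Version:` is 5.1.4 and the hunk offsets may not match that source tree.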
@@ -79,6 +82,9 @@ rm -f doc/Makefile*
 %changelog
+* Tue Mar 24 2026 Michal Hlavinka - 5.1.4-4
+- fix CVE-2026-23868: double free in GifMakeSavedImage (RHEL-154853)
+
 * Thu Nov 08 2018 Nikola Forró - 5.1.4-3
 - Generate HTML docs with consistent section IDs to avoid multilib difference related: #1602513