{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/73725?format=json","vulnerability_id":"VCID-1t7a-jjh8-tkdc","summary":"A vulnerability was identified in dloebl CGIF up to 0.5.2. This vulnerability affects the function cgif_addframe of the file src/cgif.c of the component GIF Image Handler. The manipulation of the argument width/height leads to integer overflow. The attack may be initiated remotely. The identifier of the patch is b0ba830093f4317a5d1f345715d2fa3cd2dab474. It is suggested to install a patch to address this issue.","aliases":[{"alias":"CVE-2026-4985"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1078407?format=json","purl":"pkg:deb/debian/cgif@0.5.3-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cgif@0.5.3-1"},{"url":"http://public2.vulnerablecode.io/api/packages/27063?format=json","purl":"pkg:deb/debian/cgif@0.5.3-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cgif@0.5.3-1%3Fdistro=trixie"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1078405?format=json","purl":"pkg:deb/debian/cgif@0.3.0-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1t7a-jjh8-tkdc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cgif@0.3.0-1"},{"url":"http://public2.vulnerablecode.io/api/packages/27061?format=json","purl":"pkg:deb/debian/cgif@0.3.0-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1t7a-jjh8-tkdc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cgif@0.3.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1078406?format=json","purl":"pkg:deb/debian/cgif@0.5.0-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1t7a-jjh8-tkdc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cgif@0.5.0-1"},{"url":"http://public2.vulnerablecode.io/api/packages/27062?format=json","purl":"pkg:deb/debian/cgif@0.5.0-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1t7a-jjh8-tkdc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cgif@0.5.0-1%3Fdistro=trixie"}],"references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4985","reference_id":"","reference_type":"","scores":[{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04578","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04585","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.046","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4985"},{"reference_url":"https://github.com/dloebl/cgif/issues/110","reference_id":"110","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P/E:ND/RL:OF/RC:C"},{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C"},{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-30T15:48:29Z/"}],"url":"https://github.com/dloebl/cgif/issues/110"},{"reference_url":"https://github.com/dloebl/cgif/pull/112","reference_id":"112","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P/E:ND/RL:OF/RC:C"},{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C"},{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-30T15:48:29Z/"}],"url":"https://github.com/dloebl/cgif/pull/112"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132167","reference_id":"1132167","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132167"},{"reference_url":"https://github.com/dloebl/cgif/commit/b0ba830093f4317a5d1f345715d2fa3cd2dab474","reference_id":"b0ba830093f4317a5d1f345715d2fa3cd2dab474","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P/E:ND/RL:OF/RC:C"},{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C"},{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-30T15:48:29Z/"}],"url":"https://github.com/dloebl/cgif/commit/b0ba830093f4317a5d1f345715d2fa3cd2dab474"},{"reference_url":"https://github.com/dloebl/cgif/","reference_id":"cgif","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P/E:ND/RL:OF/RC:C"},{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C"},{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-30T15:48:29Z/"}],"url":"https://github.com/dloebl/cgif/"},{"reference_url":"https://vuldb.com/?ctiid.353874","reference_id":"?ctiid.353874","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P/E:ND/RL:OF/RC:C"},{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C"},{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-30T15:48:29Z/"}],"url":"https://vuldb.com/?ctiid.353874"},{"reference_url":"https://vuldb.com/?id.353874","reference_id":"?id.353874","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P/E:ND/RL:OF/RC:C"},{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C"},{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-30T15:48:29Z/"}],"url":"https://vuldb.com/?id.353874"},{"reference_url":"https://vuldb.com/?submit.778278","reference_id":"?submit.778278","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P/E:ND/RL:OF/RC:C"},{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C"},{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-30T15:48:29Z/"}],"url":"https://vuldb.com/?submit.778278"}],"weaknesses":[{"cwe_id":189,"name":"Numeric Errors","description":"Weaknesses in this category are related to improper calculation or conversion of numbers."},{"cwe_id":190,"name":"Integer Overflow or Wraparound","description":"The product performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control."}],"exploits":[],"severity_range_score":"4.3 - 5.3","exploitability":"0.5","weighted_severity":"4.8","risk_score":2.4,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1t7a-jjh8-tkdc"}