CVE-2026-30141: An issue was discovered in bitbank2 AnimatedGIF v2
An issue was discovered in bitbank2 AnimatedGIF v2.2.0. A buffer overflow in the DecodeLZW function allows remote attackers to cause a denial of service (crash) or potentially execute arbitrary code via a crafted GIF file.
Metrics
- CVSS v3.1: 9.8
- Severity: CRITICAL
- Fixed in: —
- Affected Products: 1
HarborGuard Analysis
Synopsis
A buffer overflow exists in the DecodeLZW function of the bitbank2 AnimatedGIF library (v2.2.0). The CVSS vector rates the bug as network-reachable with no authentication, which in practice means any service that decodes GIF files from untrusted sources with this library is exposed. Successful exploitation lets an attacker crash the affected process or, potentially, execute arbitrary code with the privileges of the running service; the crash is the reliable outcome, while code execution depends on the target's memory-safety mitigations and on what the overflow actually corrupts. No upstream fix has been published yet; HarborGuard is tracking the advisory and will make a patched rebuild available as soon as one is released.
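The advisory names DecodeLZW but does not say which check is missing. As an added example, not code from AnimatedGIF or from the advisory, the bounds-checked GIF LZW decoder below shows where a decoder of this kind has to validate attacker-controlled data: the code width, the dictionary slot a code refers to, the prefix-chain walk, and the output size. It takes an already de-blocked code stream plus the image's LZW minimum code size. The sample code streams are constructed for this example, and the decode_sample wrapper and g_pixels buffer are hypothetical helpers that exist only to run them.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define LZW_MAX_BITS  12                   /* GIF caps LZW codes at 12 bits */
#define LZW_MAX_CODES (1 << LZW_MAX_BITS)  /* so the dictionary holds 4096 entries */

/*
 * Decode a de-blocked GIF LZW code stream into out[0..out_len).
 * Returns the number of pixels written, or -1 if the stream is malformed.
 * Each "Check N" is one whose absence turns a crafted stream into an
 * out-of-bounds read or write.
 */
int gif_lzw_decode(const uint8_t *in, size_t in_len, int min_code_size,
                   uint8_t *out, size_t out_len)
{
    uint16_t prefix[LZW_MAX_CODES];        /* code -> code of its prefix string */
    uint8_t  suffix[LZW_MAX_CODES];        /* code -> last byte of its string */
    uint8_t  stack[LZW_MAX_CODES + 1];     /* reverses a string while walking prefixes */

    if (min_code_size < 2 || min_code_size > 8) return -1;   /* Check 0: literal range */
    memset(prefix, 0xFF, sizeof prefix);
    memset(suffix, 0, sizeof suffix);
    const int clear = 1 << min_code_size, eoi = clear + 1;
    for (int i = 0; i < clear; i++) suffix[i] = (uint8_t)i;  /* single-byte literals */

    int code_size = min_code_size + 1;
    int next_code = eoi + 1;               /* first free dictionary slot */
    int prev = -1, first = 0;              /* previous code and its first byte */
    uint32_t bitbuf = 0;
    int bitcnt = 0;
    size_t in_pos = 0, out_pos = 0;

    for (;;) {
        /* Codes are packed LSB-first. Check 1: never read past the input. */
        while (bitcnt < code_size) {
            if (in_pos >= in_len) return -1;            /* truncated before EOI */
            bitbuf |= (uint32_t)in[in_pos++] << bitcnt;
            bitcnt += 8;
        }
        int code = (int)(bitbuf & ((1u << code_size) - 1));
        bitbuf >>= code_size;
        bitcnt -= code_size;

        if (code == clear) { code_size = min_code_size + 1; next_code = eoi + 1; prev = -1; continue; }
        if (code == eoi) return (int)out_pos;

        /* Check 2: the code must name a live entry. code == next_code is the
         * KwKwK case and is legal only when a previous string exists. */
        if (code > next_code || (code == next_code && prev < 0)) return -1;

        int sp = 0, c = code;
        if (code == next_code) {           /* KwKwK: prev string + its first byte */
            stack[sp++] = (uint8_t)first;
            c = prev;
        }
        /* Walk the prefix chain. Check 3: bound the walk so a corrupt chain
         * cannot run the stack or the tables out of bounds. */
        while (c >= clear) {
            if (c >= next_code || sp >= (int)sizeof stack) return -1;
            stack[sp++] = suffix[c];
            c = prefix[c];
        }
        stack[sp++] = suffix[c];
        first = c;

        /* Check 4: the decoded string must fit the caller's pixel buffer. */
        if (out_pos + (size_t)sp > out_len) return -1;
        while (sp > 0) out[out_pos++] = stack[--sp];

        /* Check 5: add a dictionary entry only while a free slot exists;
         * once the table is full, keep decoding at 12 bits without adding. */
        if (prev >= 0 && next_code < LZW_MAX_CODES) {
            prefix[next_code] = (uint16_t)prev;
            suffix[next_code] = (uint8_t)first;
            next_code++;
            if (next_code == (1 << code_size) && code_size < LZW_MAX_BITS) code_size++;
        }
        prev = code;
    }
}

/* Constructed code streams (not taken from any real file). All use
 * min code size 2: clear = 4, EOI = 5, codes start at 3 bits wide. */
static const uint8_t kStreamOk[]         = {0x4C, 0x2C, 0x05}; /* 4 1 1 6 2 5 -> 1 1 1 1 2 */
static const uint8_t kStreamKwKwK[]      = {0x8C, 0x0B};       /* 4 1 6 5     -> 1 1 1 */
static const uint8_t kStreamBadCode[]    = {0x3C};             /* 4 7: slot 7 not yet defined */
static const uint8_t kStreamEarlyKwKwK[] = {0x34};             /* 4 6: KwKwK with no prev */

static uint8_t g_pixels[16];               /* hypothetical output buffer for the samples */

/* Decode one sample into g_pixels with the given capacity; returns pixel count or -1. */
int decode_sample(const uint8_t *in, size_t in_len, size_t capacity)
{
    if (capacity > sizeof g_pixels) capacity = sizeof g_pixels;
    return gif_lzw_decode(in, in_len, 2, g_pixels, capacity);
}

int main(void)
{
    printf("ok: %d pixels\n", decode_sample(kStreamOk, sizeof kStreamOk, 16));          /* 5 */
    printf("kwkwk: %d pixels\n", decode_sample(kStreamKwKwK, sizeof kStreamKwKwK, 16)); /* 3 */
    printf("bad code: %d\n", decode_sample(kStreamBadCode, sizeof kStreamBadCode, 16)); /* -1 */
    printf("output too small: %d\n", decode_sample(kStreamOk, sizeof kStreamOk, 4));    /* -1 */
    printf("truncated: %d\n", decode_sample(kStreamOk, 1, 16));                         /* -1 */
    return 0;
}
```

Checks 2 and 4 are the ones that matter most for a crafted file: a code that points past the live dictionary reads whatever happens to sit in the prefix/suffix tables, and a stream that decodes to more pixels than the frame declares writes past the pixel buffer. Whether the AnimatedGIF bug is one of these or something else is not stated in the advisory; the example shows the class of check, not the specific fix.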
HarborGuard Coverage
Detection is available across every HarborGuard environment: the CVE is matched against customer images within minutes of ingestion from upstream feeds, including custom-built images that bundle the AnimatedGIF library directly. Any image in a connected registry or CI pipeline that includes bitbank2 AnimatedGIF v2.2.0 is flagged.
HarborGuard scores this CVE at 9.8 CRITICAL using the CVSS v3.1 vector and weights it against each environment's compliance policy to determine urgency and routing. Triage results are directed to the appropriate team inbox within each customer organization based on configured ownership rules.
Because no fix version has been published upstream, HarborGuard re-checks the advisory on every ingest cycle and will make a patched-image rebuild available the moment the upstream maintainer ships a remediated release. In the meantime, HarborGuard surfaces the affected images and supports manual compensating-control workflows such as network-policy isolation of services that process untrusted GIF input.
Exploit Conditions
- Network reachability: Required
The vulnerable DecodeLZW code path is reachable over the network; an attacker can deliver a crafted GIF file to any internet-exposed or network-accessible service that processes GIF input.
- Authentication: Not required
No account or credential of any privilege level is needed to trigger the overflow; an unauthenticated request carrying a malformed GIF file is sufficient.
- Victim interaction: Not required
No user action such as clicking a link or opening a file is needed; the attacker only needs to submit a crafted GIF to the processing endpoint.
- Attack complexity: Low
Attack complexity is rated low: no special timing, race condition, or environmental precondition is needed beyond delivering the malformed file. Note that a low CVSS attack-complexity rating says nothing about whether a working code-execution exploit exists; for a memory-corruption bug the crash is typically trivial to reproduce, while reliable code execution usually requires bypassing the platform's mitigations (ASLR, stack canaries, non-executable memory) where they are present.
Blast Radius
- An attacker can crash the process hosting the AnimatedGIF library, taking down any service that depends on it for GIF rendering or processing.
- An attacker can execute arbitrary code with the operating-system privileges of the affected process, gaining a foothold inside the container or host.
- With code execution, the attacker can read in-memory data including session tokens, API keys, or any secrets loaded by the process at the time of exploitation.
- With code execution, the attacker can write or delete files and data accessible to the process, modifying application state or persisted records.
How HarborGuard Handles This
Because no upstream fix for CVE-2026-30141 exists yet, HarborGuard continuously re-checks the advisory on every ingest cycle and will automatically make a patched-image rebuild available the moment bitbank2 publishes a remediated version of AnimatedGIF. For environments with auto-remediation enabled, that rebuild will trigger a regression test run and open a PR against affected workloads without manual intervention. While awaiting an upstream patch, HarborGuard surfaces all images that include the affected library so teams can apply compensating controls: isolating GIF-processing services behind strict network policies, blocking untrusted GIF input at the ingress layer, or disabling animated GIF support via feature flag where the application permits it. The CRITICAL severity score (9.8), together with the lack of any authentication or user-interaction requirement, makes this a priority item for immediate review in any environment running AnimatedGIF v2.2.0.
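One way to implement the "block untrusted GIF input at the ingress layer" control described above, as an added example that is not part of the advisory or of HarborGuard's tooling: a structural pre-check that walks the GIF container, enforces size and frame limits, and rejects truncated or internally inconsistent files before any decoder sees them. The gif_limits struct, the limit values and the embedded 1x1 GIF are constructed for this example; precheck_with_frame_width is a hypothetical helper that exists only to exercise the frame-fits-screen check.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Limits enforced before any decoder touches the file; tune per service. */
typedef struct { uint32_t max_width, max_height; int max_frames; } gif_limits;

static uint32_t le16(const uint8_t *p) { return (uint32_t)p[0] | ((uint32_t)p[1] << 8); }

/* Step over a chain of data sub-blocks. Returns 0, or -1 if a sub-block
 * claims more bytes than the file has left (the usual truncation trick). */
static int skip_subblocks(const uint8_t *b, size_t n, size_t *pos)
{
    for (;;) {
        if (*pos >= n) return -1;
        uint8_t len = b[(*pos)++];
        if (len == 0) return 0;                   /* block terminator */
        if (len > n - *pos) return -1;
        *pos += len;
    }
}

/*
 * Walk the GIF container and reject anything malformed or over the limits.
 * Returns the number of image frames, or -1. Pixel data is not decoded;
 * this is a gate placed in front of the decoder, not a replacement for it.
 */
int gif_precheck(const uint8_t *b, size_t n, const gif_limits *lim)
{
    if (n < 13 || (memcmp(b, "GIF87a", 6) != 0 && memcmp(b, "GIF89a", 6) != 0)) return -1;
    uint32_t sw = le16(b + 6), sh = le16(b + 8);      /* logical screen size */
    if (sw == 0 || sh == 0 || sw > lim->max_width || sh > lim->max_height) return -1;
    size_t pos = 13;
    if (b[10] & 0x80) {                               /* global colour table */
        size_t gct = 3u << ((b[10] & 7) + 1);
        if (gct > n - pos) return -1;
        pos += gct;
    }
    int frames = 0;
    while (pos < n) {
        uint8_t tag = b[pos++];
        if (tag == 0x3B) return frames;               /* trailer: well-formed end */
        if (tag == 0x21) {                            /* extension: label + sub-blocks */
            if (pos >= n) return -1;
            pos++;
            if (skip_subblocks(b, n, &pos) < 0) return -1;
            continue;
        }
        if (tag != 0x2C || n - pos < 9) return -1;    /* image descriptor expected */
        uint32_t left = le16(b + pos), top = le16(b + pos + 2);
        uint32_t w = le16(b + pos + 4), h = le16(b + pos + 6);
        uint8_t ipacked = b[pos + 8];
        pos += 9;
        /* A frame that does not fit the logical screen is a classic way to
         * push a decoder past the end of its frame buffer. */
        if (w == 0 || h == 0 || left + w > sw || top + h > sh) return -1;
        if (ipacked & 0x80) {                         /* local colour table */
            size_t lct = 3u << ((ipacked & 7) + 1);
            if (lct > n - pos) return -1;
            pos += lct;
        }
        if (pos >= n) return -1;
        uint8_t min_code_size = b[pos++];
        if (min_code_size < 2 || min_code_size > 8) return -1;
        if (skip_subblocks(b, n, &pos) < 0) return -1;
        if (++frames > lim->max_frames) return -1;
    }
    return -1;                                        /* ran out of bytes before the trailer */
}

/* Constructed 1x1 GIF89a (not a real upload): 2-entry colour table, one frame. */
static const uint8_t kTinyGif[] = {
    'G','I','F','8','9','a',
    0x01,0x00, 0x01,0x00, 0x80, 0x00, 0x00,     /* screen 1x1, GCT present, bg 0, aspect 0 */
    0x00,0x00,0x00, 0xFF,0xFF,0xFF,             /* colour table: black, white */
    0x2C, 0x00,0x00, 0x00,0x00, 0x01,0x00, 0x01,0x00, 0x00, /* frame 1x1 at (0,0), no LCT */
    0x02,                                       /* LZW minimum code size */
    0x02, 0x44, 0x01, 0x00,                     /* one sub-block (clear, pixel 0, EOI), terminator */
    0x3B                                        /* trailer */
};
static const gif_limits kLimits   = {4096, 4096, 64};
static const gif_limits kNoFrames = {4096, 4096, 0};

/* Hypothetical helper: re-check a copy of the sample with the frame width's low byte overridden. */
int precheck_with_frame_width(uint8_t width_lo)
{
    uint8_t copy[sizeof kTinyGif];
    memcpy(copy, kTinyGif, sizeof copy);
    copy[24] = width_lo;                          /* image descriptor width, low byte */
    return gif_precheck(copy, sizeof copy, &kLimits);
}

int main(void)
{
    printf("intact: %d frame(s)\n", gif_precheck(kTinyGif, sizeof kTinyGif, &kLimits));   /* 1 */
    printf("truncated: %d\n", gif_precheck(kTinyGif, sizeof kTinyGif - 1, &kLimits));      /* -1 */
    printf("frame wider than screen: %d\n", precheck_with_frame_width(2));                /* -1 */
    printf("frame limit 0: %d\n", gif_precheck(kTinyGif, sizeof kTinyGif, &kNoFrames));   /* -1 */
    return 0;
}
```

A gate like this shrinks the attack surface (oversized canvases, frames outside the screen, truncated sub-block chains, absurd frame counts) but does not close the CVE: a code stream that overflows inside DecodeLZW can still be structurally well-formed and pass every check here. Treat it as a compensating control until the upstream fix ships, and keep the affected services isolated as described above.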
CVSS v3.1 vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H