Announcing release 6.1.1 of giflib

Subject: Announcing release 6.1.1 of giflib
From: "Eric S. Raymond" <esr%thyrsus.com@localhost>
Date: Thu, 19 Feb 2026 16:50:32 -0500 (EST)

Release 6.1.1 of giflib is now available at:

	http://giflib.sourceforge.net/

Here are the most recent changes:

Version 6.1.1
=============

This release bumps the major version, but only one entry point -
EGifSpew() - has changed signature and behavior (in order to be able
to pass out a detailed error code). The internal error
codes in the E_GIF_ERR series have changed value so none of them
collides with GIF_ERROR.

This code has been systematically audited and hardened wuth
ChatGPT-5.2. The only library fixes reported by users or found by
robot were for some memory leaks that could only triggered by severely
malformed GIFs. Other bugs are edge-case failures in the CLI tools.

The gif2rbg CLI tool has been moved to the "obsolete" bin, because its
only deployment case in 2026 is as a piÃ±ata at fuzzer parties.

Warning: the CLI tools in the obsolete category will soon be removed
from the distribution entirely. The maintainer is tired of fielding
junk bugs filed against them by would-be coup-counters who found yet
another edge case, and the rest of the world doesn't need noisy CVEs
that aren't actually DoS or security issues for giflib clients.

Code Fixes
----------

* Fix for CVE-2021-40633.

* Fix SF bug #165 EGifSpew leaks GifFileOut->SColorMap

* Fix SF bug #171 ImageMagick required to build giflib on non-Darwin Platforms

* Fix SF bug #172 Incorrect object files in shared libutil on darwin

* Fix SF bug #173 installation of manual pages and html documentation

* Fix SF bug #175 Memory leaks in gifecho.c's main() and in gifalloc.c's GifMakeMapObject

* Fix SF bug #177 wrong pointer used in giftool getbool

* Fix SF bug #179 Path Traversal vulnerability

* Fix SF bug #180: -Wformat-truncation likely pointing out an actual bug

* Fix SF bug #182 outâ??ofâ??bounds writes in Icon2Gif

* Fix SF bug #184 uninitialized buffer in DumpScreen2RGB

* Fix SF bug #185 integer overflow in gifbg.c

* Fix SF bug #186 integer overflow in Icon2Gif

* Fix SF bug #187: CVE-2025-31344

* Fix SF bug #170 Tests failing on Ubuntu Noble, giftext buffer overflow

* Fix SF bug #165 EGifSpew leaks GifFileOut->SColorMap

* Fix SF bug #162 detected memory leaks in GifMakeSavedImage giflib/gifalloc.c

* Fix SF bug #161 detected memory leaks in EGifOpenFileHandle giflib/egif_lib.c

* Fix SF bug #142 ABI break public symbol GifQuantizeBuffer

Other bugs that duplicate these have breen addressesed by these fixes

* SF bug #156 EGifSpew leaks SavedImages (and more); won't fix, caller
  might want to write a GIF, modify the in-memory data, then write
  again.

Tests
-----

Test suite now emits TAP (Test Anything Protocol).



The address list for this email was probably generated automatically from the
package index for 'giflib' at repology.org. If you received this
email in error, we apologize and recommend you update your distribution's
metadata identifying you as a package maintainer.

--
                             shipper, acting for Eric S. Raymond <esr%thyrsus.com@localhost>

Prev by Date: Re: pbulk broken
Next by Date: diff from 2026-02-13 12:42 to 2026-02-18 21:36
Previous by Thread: pbulk broken
Next by Thread: Announcing release 2.22 of doclifter
Indexes:

Home | Main Index | Thread Index | Old Index