A vulnerability was identified in MrNanko webp4j up to 1.3.x. The affected element is the function DecodeGifFromMemory of the file src/main/c/gifdecoder.c. Such manipulation of the argument canvasheight leads to integer overflow. Local access is required to approach this attack. The exploit is publicly available and might be used. The name of the patch is 89771b201c66d15d29e4cc016d8aae82b6a5fbe1. It is advisable to implement a patch to correct this issue.
{
"cwe_ids": [
"CWE-189",
"CWE-190"
],
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/3xxx/CVE-2026-3707.json",
"cna_assigner": "VulDB",
"unresolved_ranges": [
{
"extracted_events": [
{
"introduced": "1.0"
},
{
"last_affected": "1.0"
},
{
"introduced": "1.1"
},
{
"last_affected": "1.1"
},
{
"introduced": "1.2"
},
{
"last_affected": "1.2"
}
],
"source": "AFFECTED_FIELD"
}
]
}[
{
"source": "https://github.com/mrnanko/webp4j/commit/89771b201c66d15d29e4cc016d8aae82b6a5fbe1",
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "42668446530414014938816166552593643864",
"length": 4104.0
},
"deprecated": false,
"id": "CVE-2026-3707-04ddc3ac",
"target": {
"function": "DecodeGifFromMemory",
"file": "src/main/c/gif_decoder.c"
}
},
{
"source": "https://github.com/mrnanko/webp4j/commit/89771b201c66d15d29e4cc016d8aae82b6a5fbe1",
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "227948982794060938254518298605819358529",
"length": 363.0
},
"deprecated": false,
"id": "CVE-2026-3707-280da4db",
"target": {
"function": "normalizeArchitecture",
"file": "src/main/java/dev/matrixlab/webp4j/internal/NativeLibraryLoader.java"
}
},
{
"source": "https://github.com/mrnanko/webp4j/commit/89771b201c66d15d29e4cc016d8aae82b6a5fbe1",
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "188570849418308541548926808375914279532",
"length": 142.0
},
"deprecated": false,
"id": "CVE-2026-3707-71638b4b",
"target": {
"function": "CopyCanvas",
"file": "src/main/c/gif_decoder.c"
}
},
{
"source": "https://github.com/mrnanko/webp4j/commit/89771b201c66d15d29e4cc016d8aae82b6a5fbe1",
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "158508242893492129178145536851134571856",
"length": 1159.0
},
"deprecated": false,
"id": "CVE-2026-3707-7bae24e2",
"target": {
"function": "loadLibrary",
"file": "src/main/java/dev/matrixlab/webp4j/internal/NativeLibraryLoader.java"
}
},
{
"source": "https://github.com/mrnanko/webp4j/commit/89771b201c66d15d29e4cc016d8aae82b6a5fbe1",
"signature_version": "v1",
"signature_type": "Line",
"digest": {
"line_hashes": [
"106198690454698231076202098175294652199",
"192527245316786544260147551488870778891",
"136096154756812870125689452892739812891",
"334267714788691926786539440264157009362",
"1025933495338715107924628573225367975",
"110792717938310482361330294522106541865",
"109997788787214152966558607096792120391",
"124849187971867056264068906539095900162",
"89648940020955920104318862273799735240",
"273845666751439692845276152021673256519",
"158778727141320049609649334215327272218",
"60300563069387853021349463355307115337",
"150864708495582598224417437925875396343",
"94805813205207501816124469381415655661",
"317952007023857935541696059138388079564",
"262979034962008285584708119311429555208",
"56125373973218130269362266436100547849",
"278307784930818331076305194211520872074",
"252806368523490589886804600850849272852",
"274418206198208305455597426271191213516",
"120064232608047806589210741890627174704",
"273607465626294802593432821102418166034",
"150864708495582598224417437925875396343",
"94805813205207501816124469381415655661",
"317952007023857935541696059138388079564",
"262979034962008285584708119311429555208",
"56125373973218130269362266436100547849",
"278307784930818331076305194211520872074"
],
"threshold": 0.9
},
"deprecated": false,
"id": "CVE-2026-3707-a8c65910",
"target": {
"file": "src/main/c/gif_decoder.c"
}
},
{
"source": "https://github.com/mrnanko/webp4j/commit/89771b201c66d15d29e4cc016d8aae82b6a5fbe1",
"signature_version": "v1",
"signature_type": "Line",
"digest": {
"line_hashes": [
"208754797056877622746327647649263757921",
"109600497523256959754973286716062977676",
"5644586150270252034169382084367440062",
"100847207988383666965474142631062968799",
"95092278483954945400982476180310313320",
"329964101887342415006564091917590815583",
"325023363606797553053555761102678027308",
"62092307445720347380637447089850832535",
"318626468290726914870541034624309364507",
"262550149661610941308009083456228662283",
"160914299178277232804233619890003780955",
"217882878299209331658842558817725941951",
"202129281971586960572398448102947248844"
],
"threshold": 0.9
},
"deprecated": false,
"id": "CVE-2026-3707-b801100b",
"target": {
"file": "src/main/java/dev/matrixlab/webp4j/internal/NativeLibraryLoader.java"
}
},
{
"source": "https://github.com/mrnanko/webp4j/commit/89771b201c66d15d29e4cc016d8aae82b6a5fbe1",
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "73824709701355064105577683088847427007",
"length": 399.0
},
"deprecated": false,
"id": "CVE-2026-3707-cccfeabe",
"target": {
"function": "ClearCanvas",
"file": "src/main/c/gif_decoder.c"
}
},
{
"source": "https://github.com/mrnanko/webp4j/commit/89771b201c66d15d29e4cc016d8aae82b6a5fbe1",
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "102688856272025505960770107051843433760",
"length": 1452.0
},
"deprecated": false,
"id": "CVE-2026-3707-d25ec758",
"target": {
"function": "GetGifInfo",
"file": "src/main/c/gif_decoder.c"
}
}
]
"2026-07-15T16:00:31Z"
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-3707.json"