Lucene search
K

302 matches found

EUVD
EUVD
added 2026/04/14 10:5 p.m.3 views

EUVD-2026-22748

libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. In versions 1.8.7 and prior, when built with the --with-gdk-pixbuf2 option, a use-after-free vulnerability exists in loadwithgdkpixbuf in loader.c. The cleanup path manually frees the sixelframet object and its interna...

7.8CVSS5.8AI score0.00289EPSS
Exploits1References2
EUVD
EUVD
added 2026/04/14 9:57 p.m.6 views

EUVD-2026-22746

libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. Versions 1.8.7 and prior contain a use-after-free vulnerability in sixelencoderencodebytes because sixelframeinit stores the caller-owned pixel buffer pointer directly in frame-pixels without making a defensive copy...

7.3CVSS6AI score0.00247EPSS
Exploits1References2
CVE
CVE
added 2026/04/14 9:57 p.m.13 views

CVE-2026-33021

CVE-2026-33021 (libsixel) is a use-after-free in sixel_encoder_encode_bytes() affecting libsixel 1.8.7 and earlier. The bug arises because sixel_frame_init() stores a caller-owned pixel buffer pointer directly in frame->pixels without copying. On a subsequent resize, sixel_frame_convert_to_rgb...

7.3CVSS6AI score0.00247EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/14 9:57 p.m.5 views

CVE-2026-33021 libsixel: Use-after-free in sixel_encoder_encode_bytes()

libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. Versions 1.8.7 and prior contain a use-after-free vulnerability in sixelencoderencodebytes because sixelframeinit stores the caller-owned pixel buffer pointer directly in frame-pixels without making a defensive copy...

7.3CVSS6AI score0.00247EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/04/14 9:57 p.m.4 views

CVE-2026-33021

libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. Versions 1.8.7 and prior contain a use-after-free vulnerability in sixelencoderencodebytes because sixelframeinit stores the caller-owned pixel buffer pointer directly in frame-pixels without making a defensive copy...

7.3CVSS6AI score0.00247EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/04/14 9:57 p.m.25 views

CVE-2026-33021 libsixel: Use-after-free in sixel_encoder_encode_bytes()

libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. Versions 1.8.7 and prior contain a use-after-free vulnerability in sixelencoderencodebytes because sixelframeinit stores the caller-owned pixel buffer pointer directly in frame-pixels without making a defensive copy...

7.3CVSS0.00247EPSS
Exploits1References2
EUVD
EUVD
added 2026/04/14 9:53 p.m.6 views

EUVD-2026-22744

libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. Versions 1.8.7 and prior contain an integer overflow which leads to a heap buffer overflow via sixelframeconverttorgb888 in frame.c, where allocation size and pointer offset computations for palettised images PAL1, PAL...

7.1CVSS6.3AI score0.00205EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/04/14 9:53 p.m.3 views

CVE-2026-33020

libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. Versions 1.8.7 and prior contain an integer overflow which leads to a heap buffer overflow via sixelframeconverttorgb888 in frame.c, where allocation size and pointer offset computations for palettised images PAL1, PAL...

7.1CVSS6.3AI score0.00205EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2026/04/14 9:45 p.m.17 views

CVE-2026-33018

libsixel 1.8.7 and prior contain a heap use‑after‑free in load_gif() (fromgif.c): a single sixel_frame_t is reused across all frames of an animated GIF and gif_init_frame() frees/reallocates frame->pixels between frames regardless of reference counts. A callback using sixel_frame_get_pixels() ...

7CVSS5.8AI score0.00191EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/14 9:45 p.m.6 views

CVE-2026-33018 libsixel: Use-After-Free in load_gif()

libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. Versions 1.8.7 and prior contain a Use-After-Free vulnerability via the loadgif function in fromgif.c, where a single sixelframet object is reused across all frames of an animated GIF and gifinitframe unconditionally...

7CVSS5.8AI score0.00191EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/04/14 9:45 p.m.3 views

CVE-2026-33018

libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. Versions 1.8.7 and prior contain a Use-After-Free vulnerability via the loadgif function in fromgif.c, where a single sixelframet object is reused across all frames of an animated GIF and gifinitframe unconditionally...

7CVSS5.8AI score0.00191EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/14 12:0 a.m.7 views

PT-2026-32951

Name of the Vulnerable Software and Affected Versions libsixel versions prior to 1.8.7-r1 Description A use-after-free issue exists in the sixel encoder encode bytes function. The sixel frame init function stores the caller-owned pixel buffer pointer directly in frame-pixels without creating a...

7.3CVSS6AI score0.00247EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/04/14 12:0 a.m.4 views

PT-2026-32925

libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. Versions 1.8.7 and prior contain a Use-After-Free vulnerability via the load gif function in fromgif.c, where a single sixel frame t object is reused across all frames of an animated GIF and gif init frame...

7CVSS5.8AI score0.00191EPSS
Exploits1References5
CNNVD
CNNVD
added 2026/04/14 12:0 a.m.9 views

libsixel 资源管理错误漏洞

Libsixel is a software package developed by Hayaki Saito, which provides encoding/decoding implementations for DEC SIXEL graphics and other conversion programs. Versions of Libsixel 1.8.7 and earlier contained a resource management vulnerability. This vulnerability stemmed from a problem in the...

7.3CVSS5.9AI score0.00247EPSS
Exploits1References3
OSV
OSV
added 2026/04/07 12:24 p.m.6 views

SUSE-SU-2026:1203-1 Security update for ImageMagick

This update for ImageMagick fixes the following issues: - CVE-2026-28493: integer overflow in the SIXEL decoder leads to out-of-bounds write bsc1259446. - CVE-2026-28494: missing bounds checks in the morphology kernel parsing functions can lead to a stack buffer overflow bsc1259447. -...

8.1CVSS6AI score0.00475EPSS
Exploits0References41
Amazon
Amazon
added 2026/04/01 12:0 a.m.10 views

Important: ImageMagick

Issue Overview: A flaw was found in ImageMagick. An integer overflow vulnerability exists in the SIXEL decoder, which allows a remote attacker to perform an out-of-bounds write via a specially crafted image. This can lead to a Denial of Service DoS and potentially information disclosure...

8.1CVSS6.5AI score0.00353EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/04/01 12:0 a.m.9 views

Amazon Linux 2023 : ImageMagick, ImageMagick-c++, ImageMagick-c++-devel (ALAS2023-2026-1500)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1500 advisory. A flaw was found in ImageMagick. An integer overflow vulnerability exists in the SIXEL decoder, which allows a remote attacker to perform an out-of-bounds write via a specially crafted image...

8.1CVSS7.7AI score0.00353EPSS
Exploits0References34
Amazon
Amazon
added 2026/04/01 12:0 a.m.12 views

Medium: ImageMagick

Issue Overview: A flaw was found in ImageMagick. An integer overflow vulnerability exists in the SIXEL decoder, which allows a remote attacker to perform an out-of-bounds write via a specially crafted image. This can lead to a Denial of Service DoS and potentially information disclosure...

7.5CVSS6.1AI score0.00475EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/04/01 12:0 a.m.15 views

Amazon Linux 2 : ImageMagick, --advisory ALAS2-2026-3220 (ALAS-2026-3220)

The version of ImageMagick installed on the remote host is prior to 6.9.10.97-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3220 advisory. A flaw was found in ImageMagick. An integer overflow vulnerability exists in the SIXEL decoder, which allows a...

7.5CVSS7.4AI score0.00475EPSS
Exploits0References8
OSV
OSV
added 2026/03/24 4:36 p.m.6 views

CLSA-2026-1774370188 Fix CVE(s): CVE-2026-25970

SECURITY UPDATE: signed 32-bit integer overflow in SIXEL decoder; buffer reallocation overflow leading to memory corruption and denial of service - debian/patches/CVE-2026-25970.patch: Fix out-of-bounds write; Rename misnamed position variables and adjust index arithmetic and casts using signed...

7.5CVSS7.3AI score0.00275EPSS
Exploits0References1
Rows per page
Query Builder