2 matches found
CVE-2026-33020
A flaw was found in libsixel. An integer overflow vulnerability in the sixelframeconverttorgb888 function can lead to a heap buffer overflow when processing specially crafted large palettised PNG images. An attacker can exploit this by providing a malicious image, which causes heap corruption in...
PT-2026-32927
libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. Versions 1.8.7 and prior contain an integer overflow which leads to a heap buffer overflow via sixel frame convert to rgb888 in frame.c, where allocation size and pointer offset computations for palettised images PAL1,...