Libsixel Security Vulnerabilities and Issues — Libsixel CVE List

Lucene search

Libsixel ProjectLibsixel

14 matches found

CVE•added 2019/12/27 2:15 a.m.•107 views

CVE-2019-20023

A memory leak was discovered in image_buffer_resize in fromsixel.c in libsixel 1.8.4.

6.5CVSS6.3AI score0.00436EPSS

CVE•added 2019/12/27 2:15 a.m.•93 views

CVE-2019-20022

An invalid memory address dereference was discovered in load_pnm in frompnm.c in libsixel before 1.8.3.

6.5CVSS6.4AI score0.00382EPSS

CVE•added 2019/12/27 2:15 a.m.•93 views

CVE-2019-20024

A heap-based buffer overflow was discovered in image_buffer_resize in fromsixel.c in libsixel before 1.8.4.

6.5CVSS6.6AI score0.00491EPSS

CVE•added 2022/02/19 7:15 p.m.•74 views

CVE-2021-46700

In libsixel 1.8.6, sixel_encoder_output_without_macro (called from sixel_encoder_encode_frame in encoder.c) has a double free.

6.5CVSS6.4AI score0.00244EPSS

CVE•added 2020/11/20 4:15 p.m.•66 views

CVE-2020-19668

Unverified indexs into the array lead to out of bound access in the gif_out_code function in fromgif.c in libsixel 1.8.6.

6.5CVSS6.3AI score0.00238EPSS

CVE•added 2022/05/11 2:15 p.m.•58 views

CVE-2022-29978

There is a floating point exception error in sixel_encoder_do_resize, encoder.c:633 in libsixel img2sixel 1.8.6. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted JPEG file.

6.5CVSS6.2AI score0.003EPSS

CVE•added 2020/04/12 7:15 p.m.•52 views

CVE-2020-11721

load_png in loader.c in libsixel.a in libsixel 1.8.6 has an uninitialized pointer leading to an invalid call to free, which can cause a denial of service.

6.5CVSS6.3AI score0.00468EPSS

CVE•added 2022/05/11 2:15 p.m.•51 views

CVE-2022-29977

There is an assertion failure error in stbi__jpeg_huff_decode, stb_image.h:1894 in libsixel img2sixel 1.8.6. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted JPEG file.

6.5CVSS6.2AI score0.003EPSS

CVE•added 2018/11/30 3:29 a.m.•48 views

CVE-2018-19757

There is a NULL pointer dereference at function sixel_helper_set_additional_message (status.c) in libsixel 1.8.2 that will cause a denial of service.

6.5CVSS6.4AI score0.00261EPSS

CVE•added 2021/09/14 4:15 p.m.•48 views

CVE-2020-21050

Libsixel prior to v1.8.3 contains a stack buffer overflow in the function gif_process_raster at fromgif.c.

6.5CVSS6.6AI score0.00749EPSS

CVE•added 2021/09/14 4:15 p.m.•45 views

CVE-2020-21049

An invalid read in the stb_image.h component of libsixel prior to v1.8.5 allows attackers to cause a denial of service (DOS) via a crafted PSD file.

6.5CVSS6.1AI score0.00412EPSS

CVE•added 2021/09/14 4:15 p.m.•44 views

CVE-2020-21048

An issue in the dither.c component of libsixel prior to v1.8.4 allows attackers to cause a denial of service (DOS) via a crafted PNG file.

6.5CVSS6.1AI score0.00412EPSS

CVE•added 2021/08/10 9:15 p.m.•42 views

CVE-2020-21677

A heap-based buffer overflow in the sixel_encoder_output_without_macro function in encoder.c of Libsixel 1.8.4 allows attackers to cause a denial of service (DOS) via converting a crafted PNG file into Sixel format.

6.5CVSS6.5AI score0.00278EPSS

CVE•added 2022/01/25 12:15 p.m.•39 views

CVE-2021-45340

In Libsixel prior to and including v1.10.3, a NULL pointer dereference in the stb_image.h component of libsixel allows attackers to cause a denial of service (DOS) via a crafted PICT file.

6.5CVSS6.1AI score0.00163EPSS