48 matches found
CVE-2019-19637
CVE-2019-19637 affects libsixel 1.8.2, with a root cause of an integer overflow in the function sixel_decode_raw_impl (fromsixel.c). Reported impact per the entry includes partial confidentiality, integrity, and availability with network-based exploitation and no authentication required. The conn...
CVE-2019-19638
CVE-2019-19638 affects Libsixel 1.8.2. A heap-based buffer overflow in load_pnm (frompnm.c) is caused by an integer overflow, as described in multiple connected sources. This condition is associated with denial-of-service/crash behavior in affected versions, with DoS vectors noted for crafted PNG...
CVE-2019-19635
CVE-2019-19635 affects libsixel 1.8.2, with a heap-based buffer overflow in sixel_decode_raw_impl (fromsixel.c). Multiple connected sources identify this Libsixel vulnerability and note that fixes exist in newer releases. Recommended remediations include updating to newer Libsixel versions: PT/sec...
CVE-2019-19636
CVE-2019-19636 affects libsixel 1.8.2, with an integer overflow in the function sixel_encode_body (tosixel.c). The connected documents identify the affected component and root cause, and indicate remediation via updating libsixel to a newer version (e.g., 1.8.3+; several PT Security entries refer...
CVE-2019-20094
CVE-2019-20094 affects libsixel 1.8.4. The issue is a heap-based buffer overflow in gif_init_frame (fromgif.c). Exploitation details and affected products are not fully enumerated in the provided documents, but the vulnerability originates from the GIF frame initialization path. The NVD entry con...
CVE-2019-20023
CVE-2019-20023 refers to a memory leak in libsixel 1.8.4’s image_buffer_resize (fromsixel.c). Red Hat and NVD entries reiterate the same description. Nessus indicates unpatched status for some Linux distros. PTSecurity advisories describe multiple Libsixel-related issues with affected ranges (e.g., ...
CVE-2019-20024
CVE-2019-20024 impacts libsixel: a heap-based buffer overflow in image_buffer_resize (fromsixel.c) occurs in all versions before 1.8.4. The Red Hat entry reproduces this, and multiple PTSecurity notes discuss related libsixel issues. Public references indicate the vulnerability exists in the ment...
CVE-2019-20022
CVE-2019-20022 is an invalid memory address dereference in libsixel's load_pnm (frompnm.c) prior to 1.8.3. Red Hat documents the same description; Nessus notes unpatched status for some Linux distros. Mitigation per sources: upgrade to libsixel 1.8.3 or later. Some PTSecurity entries discuss rel...
CVE-2019-20205
CVE-2019-20205 affects libsixel 1.8.4. The vulnerability is an integer overflow in sixel_frame_resize in frame.c. Connected sources (Red Hat, NVD, OSV, CNVD, CVE lists) corroborate the issue; no exploitation details or patch/remediation are provided in the supplied documents. CVSS information is ...
CVE-2022-27938
CVE-2022-27938 affects stb_image.h version 2.19 (used by libsixel and other products). The issue is a reachable assertion in stbi__create_png_image_raw. Documented impact indicates a local impact with a high availability impact per CVSS 3.1 (vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) a...
CVE-2022-27044
CVE-2022-27044 affects libsixel 1.8.6. The vulnerability is a Buffer Overflow in libsixel/src/quant.c:876. Connected sources consistently identify the vulnerable component as libsixel 1.8.6. CNVD-2022-31764 explicitly states an attacker can remotely execute arbitrary code via this issue. Other en...
CVE-2021-46700
CVE-2021-46700 affects libsixel 1.8.6: the function sixel_encoder_output_without_macro (called from sixel_encoder_encode_frame in encoder.c) has a double-free vulnerability. The issue is documented across multiple feeds (NVD, Debian/OSV/etc.), with CVSSv3.1 impacting availability (HIGH) and overa...
CVE-2020-19668
CVE-2020-19668 affects libsixel 1.8.6, caused by unverified array indexing in gif_out_code() of fromgif.c, leading to out-of-bounds access. Several sources document this vulnerability and provide fixes: ALT Linux notes security fixes for libsixel 1.10.3-alt1; PT-Security PT-2022-11292 recommends ...
CVE-2022-27046
CVE-2022-27046 affects libsixel 1.8.6. The issue is a Heap Use After Free vulnerability in libsixel/src/dither.c:388, as documented by multiple sources (NVD, RH, Debian OSV entries). Impact is described in CVSS as MEDIUM to HIGH depending on vector: network access with partial confidentiality, in...
CVE-2020-11721
CVE-2020-11721 affects libsixel 1.8.6. The issue is a load_png path in loader.c that uses an uninitialized pointer, leading to an invalid free and potential denial of service. PTSecurity advisories indicate updates to 1.8.4+ to fix related heap/array processing issues; ALT Linux notes a 1.10.3-al...
CVE-2022-29978
CVE-2022-29978 affects libsixel, specifically the img2sixel component (libsixel img2sixel 1.8.6). The underlying issue is a floating point exception in sixel_encoder_do_resize, encoder.c:633, which remote attackers can trigger via a crafted JPEG to cause a denial of service. The initial sources li...
CVE-2022-29977
CVE-2022-29977 affects libsixel img2sixel 1.8.6. The vulnerability is an assertion failure in stbi__jpeg_huff_decode (stb_image.h:1894) that enables remote denial of service via a crafted JPEG file. The provided documents do not specify patched versions or remediation steps.
CVE-2020-21050
CVE-2020-21050 affects libsixel prior to v1.8.3, due to a stack buffer overflow in gif_process_raster at fromgif.c. The connected sources confirm the flaw and indicate fixes in later releases (e.g., v1.8.3+; upstream changelog mentions v1.8.5). Remediation is to upgrade libsixel to a version conta...
CVE-2020-21548
CVE-2020-21548 affects Libsixel 1.8.3, with a heap-based buffer overflow in the sixel_encode_highcolor function located in tosixel.c. The connected records confirm the vulnerable component and function, but do not provide specifics on patch availability, fixed version, or exploit details. No reme...
CVE-2020-21547
CVE-2020-21547 affects Libsixel 1.8.2, with a heap-based buffer overflow in the dither_func_fs function (tosixel.c). Multiple connected sources corroborate the flaw and link it to Libsixel 1.8.2, describing the vulnerability as a heap overflow in that code path. APTs suggest a remediation path: v...
CVE-2020-21677
CVE-2020-21677 describes a heap-based buffer overflow in the sixel_encoder_output_without_macro function of encoder.c in Libsixel 1.8.4. Exploitation is via converting a crafted PNG file into Sixel format, causing a denial of service. The vulnerability is documented across multiple feeds (NVD, Re...
CVE-2018-19756
CVE-2018-19756 affects libsixel 1.8.2 and is tied to a heap-based buffer over-read in stb_image.h (stbi__tga_load), leading to denial of service. The connected documents identify Libsixel vulnerabilities across multiple versions, notably 1.8.2, with remediation guidance to update to newer release...
CVE-2018-19757
CVE-2018-19757 affects libsixel 1.8.2 and is caused by a NULL pointer dereference in sixel_helper_set_additional_message (status.c), leading to denial of service. Connected advisories indicate fixes in Libsixel as versioned updates (e.g., upgrade to 1.8.3+ or 1.8.4+ depending on the issue) and re...
CVE-2018-19763
CVE-2018-19763 describes a heap-based buffer over-read in libsixel 1.8.2, specifically writer.c (function write_png_to_file), leading to a denial of service. Connected sources confirm the issue and the vulnerable component, but do not provide a concrete fixed version within the supplied documents...
CVE-2020-21049
CVE-2020-21049 affects the libsixel project. An invalid read in the stb_image.h component prior to v1.8.5 allows an attacker to cause a Denial of Service (DoS) via a crafted PSD file. Affected software is libsixel prior to 1.8.5 (per multiple sources). The documented impact is a DoS, with no expl...
CVE-2019-3573
CVE-2019-3573 affects Libsixel v1.8.2, with an infinite loop in sixel_decode_raw_impl() (fromsixel.c), as reported in the initial entry. Connected advisories confirm Libsixel upgrades as remediation: e.g., PT/ptsecurity notes for versions prior to 1.8.3 require updating to 1.8.3+, PT-2021-6712 re...
CVE-2019-20140
CVE-2019-20140 affects libsixel 1.8.4, with a heap-based buffer overflow in the function gif_out_code in fromgif.c. This is corroborated by Red Hat’s advisory and multiple CVE aggregators. The available documents do not specify a patched version or workaround. References point to Libsixel issue #...
CVE-2020-21048
CVE-2020-21048 affects the libsixel library, specifically the dither.c component, with a vulnerability present in versions prior to 1.8.4 that allows a crafted PNG to trigger a denial of service. The issue is documented as a DOS condition via crafted PNG input and is addressed by upgrading to lib...
CVE-2018-14072
CVE-2018-14072 affects libsixel 1.8.1, with a memory leak in three areas: sixel_decoder_decode (decoder.c), image_buffer_resize (fromsixel.c), and sixel_decode_raw (fromsixel.c). The issue is a memory leak (no explicit root cause details beyond function locations) and is described consistently ac...
CVE-2019-19777
CVE-2019-19777 concerns stb_image.h 2.23 (the stb image loader), used by libsixel and others, with a heap-based buffer over-read in stbi__load_main. The provided documents confirm the presence of the vulnerability and its association with stb_image.h, but no public details about affected products...
CVE-2018-14073
CVE-2018-14073 affects libsixel 1.8.1, with a memory leak in the function sixel_allocator_new (allocator.c). The connected Red Hat, CNVD, OSV, UNPATCHED, and other feeds consistently describe a memory leak in this allocator, indicating a likely resource handling issue in libsixel’s allocator. The...
CVE-2018-19759
CVE-2018-19759 affects libsixel 1.8.2 with a heap-based buffer over-read in stb_image_write.h (stbi_write_png_to_mem) that can cause denial of service. Red Hat notes the same issue. Red team sources (PT Security) indicate the vulnerability exists in libsixel prior to 1.8.3 and advise updating to ...
CVE-2018-19761
CVE-2018-19761 affects Libsixel 1.8.2, where an illegal address access in fromsixel.c:sixel_decode_raw_impl can cause a denial of service. No exploitation details are provided in the documents. Remediation: update to a newer Libsixel version that contains a fix; no specific patched version is nam...
CVE-2020-36120
CVE-2020-36120 affects Libsixel v1.8.6, with a buffer overflow in the sixel_encoder_encode_bytes function that can cause a Denial of Service (DoS). The connected documents confirm the vulnerable component and impact but do not provide remediation details or patched versions within the supplied ma...
CVE-2018-19762
CVE-2018-19762 concerns a heap-based buffer overflow in libsixel 1.8.2 (fromsixel.c: image_buffer_resize) that can lead to denial of service or potentially other impacts. Red Hat's entry mirrors this description. Several connected advisories corroborate Libsixel-focused issues and outline affecte...
CVE-2019-19778
CVE-2019-19778 affects libsixel 1.8.2 with a heap-based buffer over-read in load_sixel(), loader.c. CVSSv3.1 base score 8.8 (NETWORK, HIGH impact on confidentiality, integrity, and availability; user interaction required). Connected advisories corroborate issues across multiple libsixel versions ...
CVE-2019-11024
CVE-2019-11024 affects libsixel 1.8.2, where the load_pnm function in frompnm.c can cause infinite recursion in libsixel.a. Red Hat’s advisory restates the issue as described. Several PT Security entries corroborate that the flaw resides in libsixel components (e.g., frompnm.c) and recommend upgr...
CVE-2019-3574
CVE-2019-3574: In libsixel v1.8.2, there is a heap-based buffer over-read in load_jpeg() (loader.c), demonstrated by img2sixel. Connected sources consistently indicate upgrades to newer libsixel versions to mitigate issues (e.g., 1.8.3+; some entries mention 1.8.4+ as a fixed release). Evidence ...
CVE-2025-9300
CVE-2025-9300 affects libsixel (saitoha/libsixel) up to 1.10.3. The vulnerability is in the function sixel_debug_print_palette in src/encoder.c (img2sixel) and causes a stack-based buffer overflow. Successful exploitation requires local access; a public exploit is available. The patch is identified by com...
CVE-2026-44636
CVE-2026-44636 affects libsixel (SIXEL encoder/decoder). A signed integer overflow in sixel_encode_highcolor’s allocation size calculation (width * height) can cause a heap buffer overflow when encoding very large pixel buffers; callers may trigger allocation wrapping if width * height > INT_MAX. T...
CVE-2026-44638
CVE-2026-44638 affects the libsixel SIXEL encoder/decoder. A wrong NULL check after allocation in sixel_decode_raw and sixel_decode causes a NULL pointer dereference when allocation fails, enabling a denial-of-service for callers under low-memory conditions. The issue stems from testing the addre...
CVE-2026-44637
CVE-2026-44637 affects libsixel (SIXEL encoder/decoder). A signed integer overflow in the parser’s image-buffer doubling loop (sixel_decode_raw_impl) occurs as context->pos_x is incremented by repeat_count with no upper bound check. When pos_x nears INT_MAX, pos_x + repeat_count overflows sign...
CVE-2026-33018
libsixel 1.8.7 and prior contain a heap use‑after‑free in load_gif() (fromgif.c): a single sixel_frame_t is reused across all frames of an animated GIF and gif_init_frame() frees/reallocates frame->pixels between frames regardless of reference counts. A callback using sixel_frame_get_pixels() ...
CVE-2026-33020
libsixel versions up to 1.8.7 are affected by an integer overflow in sixel_frame_convert_to_rgb888() that causes a heap buffer overflow when handling palettised images (PAL1, PAL2, PAL4). The allocation size and pointer arithmetic use int, leading to an undersized heap allocation and negative off...
CVE-2025-61146
CVE-2025-61146 affects the libsixel library up to version 1.8.7, where a memory leak is reported in malloc_stub.c. The included metrics indicate a local, low-complexity attack with a MEDIUM base score (CVSS 3.1: AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). Fedora advisories (FEDORA-2026-a800d3417b and F...
CVE-2026-33019
Summary: The issue affects libsixel versions 1.8.7 and prior, where the --crop handling in img2sixel can overflow when coordinates are large. In sixel_encoder_do_clip(), clip_w + clip_x overflows for clip_x = INT_MAX, bypassing bounds checks and allowing an unclamped coordinate to reach six...
CVE-2026-33021
CVE-2026-33021 (libsixel) is a use-after-free in sixel_encoder_encode_bytes() affecting libsixel 1.8.7 and earlier. The bug arises because sixel_frame_init() stores a caller-owned pixel buffer pointer directly in frame->pixels without copying. On a subsequent resize, sixel_frame_convert_to_rgb...
CVE-2026-33023
The libsixel vulnerability CVE-2026-33023 is a use-after-free in load_with_gdkpixbuf() when built with --with-gdk-pixbuf2, affecting version