Saitoha Libsixel

48 matches found

added 2019/12/08 3:00 a.m. | 187 views

CVE-2019-19637

CVE-2019-19637 affects libsixel 1.8.2, with a root cause of an integer overflow in the function sixel_decode_raw_impl (fromsixel.c). Reported impact per the entry includes partial confidentiality, integrity, and availability with network-based exploitation and no authentication required. The conn...

9.8 CVSS | 9.6 AI score | 0.0124 EPSS

added 2019/12/08 3:00 a.m. | 181 views

CVE-2019-19638

CVE-2019-19638 affects Libsixel 1.8.2. A heap-based buffer overflow in load_pnm (frompnm.c) is caused by an integer overflow, as described in multiple connected sources. This condition is associated with denial-of-service/crash behavior in affected versions, with DoS vectors noted for crafted PNG...

9.8 CVSS | 9.6 AI score | 0.01208 EPSS

added 2019/12/08 3:00 a.m. | 177 views

CVE-2019-19635

CVE-2019-19635 affects libsixel 1.8.2, with a heap-based buffer overflow in sixel_decode_raw_impl (fromsixel.c). Multiple connected sources identify this Libsixel vulnerability and note that fixes exist in newer releases. Recommended remediations include updating to newer Libsixel versions: PT/sec...

9.8 CVSS | 9.7 AI score | 0.01208 EPSS

added 2019/12/08 3:00 a.m. | 177 views

CVE-2019-19636

CVE-2019-19636 affects libsixel 1.8.2, with an integer overflow in the function sixel_encode_body (tosixel.c). The connected documents identify the affected component and root cause, and indicate remediation via updating libsixel to a newer version (e.g., 1.8.3+; several PT Security entries refer...

9.8 CVSS | 9.6 AI score | 0.0124 EPSS

added 2019/12/30 3:47 a.m. | 126 views

CVE-2019-20094

CVE-2019-20094 affects libsixel 1.8.4. The issue is a heap-based buffer overflow in gif_init_frame (fromgif.c). Exploitation details and affected products are not fully enumerated in the provided documents, but the vulnerability originates from the GIF frame initialization path. The NVD entry con...

8.8 CVSS | 8.9 AI score | 0.01045 EPSS

added 2019/12/27 1:10 a.m. | 122 views

CVE-2019-20023

CVE-2019-20023 refers to a memory leak in libsixel 1.8.4’s image_buffer_resize (fromsixel.c). Red Hat and NVD entries reiterate the same description. Nessus indicates unpatched status for some Linux distros. PTSecurity advisories describe multiple Libsixel-related issues with affected ranges (e.g., ...

6.5 CVSS | 6.3 AI score | 0.01002 EPSS

added 2019/12/27 1:10 a.m. | 108 views

CVE-2019-20024

CVE-2019-20024 impacts libsixel: a heap-based buffer overflow in image_buffer_resize (fromsixel.c) occurs in all versions before 1.8.4. The Red Hat entry reproduces this, and multiple PTSecurity notes discuss related libsixel issues. Public references indicate the vulnerability exists in the ment...

6.5 CVSS | 6.6 AI score | 0.01002 EPSS

added 2019/12/27 1:11 a.m. | 106 views

CVE-2019-20022

CVE-2019-20022 is an invalid memory address dereference in libsixel's load_pnm (frompnm.c) prior to 1.8.3. Red Hat documents the same description; Nessus notes unpatched status for some Linux distros. Mitigation per sources: upgrade to libsixel 1.8.3 or later. Some PTSecurity entries discuss rel...

6.5 CVSS | 6.4 AI score | 0.00933 EPSS

added 2020/01/01 10:30 p.m. | 106 views

CVE-2019-20205

CVE-2019-20205 affects libsixel 1.8.4. The vulnerability is an integer overflow in sixel_frame_resize in frame.c. Connected sources (Red Hat, NVD, OSV, CNVD, CVE lists) corroborate the issue; no exploitation details or patch/remediation are provided in the supplied documents. CVSS information is ...

8.8 CVSS | 8.8 AI score | 0.01045 EPSS

added 2022/03/26 12:49 p.m. | 96 views

CVE-2022-27938

CVE-2022-27938 affects stb_image.h version 2.19 (used by libsixel and other products). The issue is a reachable assertion in stbi__create_png_image_raw. Documented impact indicates a local impact with a high availability impact per CVSS 3.1 (vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) a...

5.5 CVSS | 5.4 AI score | 0.00604 EPSS

added 2022/04/08 2:58 p.m. | 94 views

CVE-2022-27044

CVE-2022-27044 affects libsixel 1.8.6. The vulnerability is a Buffer Overflow in libsixel/src/quant.c:876. Connected sources consistently identify the vulnerable component as libsixel 1.8.6. CNVD-2022-31764 explicitly states an attacker can remotely execute arbitrary code via this issue. Other en...

8.8 CVSS | 8.7 AI score | 0.01003 EPSS

added 2022/02/19 6:22 p.m. | 93 views

CVE-2021-46700

CVE-2021-46700 affects libsixel 1.8.6: the function sixel_encoder_output_without_macro (called from sixel_encoder_encode_frame in encoder.c) has a double-free vulnerability. The issue is documented across multiple feeds (NVD, Debian/OSV/etc.), with CVSSv3.1 impacting availability (HIGH) and overa...

6.5 CVSS | 6.4 AI score | 0.00817 EPSS

added 2020/11/20 3:39 p.m. | 79 views

CVE-2020-19668

CVE-2020-19668 affects libsixel 1.8.6, caused by unverified array indexing in gif_out_code() of fromgif.c, leading to out-of-bounds access. Several sources document this vulnerability and provide fixes: ALT Linux notes security fixes for libsixel 1.10.3-alt1; PT-Security PT-2022-11292 recommends ...

6.5 CVSS | 6.3 AI score | 0.00853 EPSS

added 2022/04/08 2:51 p.m. | 77 views

CVE-2022-27046

CVE-2022-27046 affects libsixel 1.8.6. The issue is a Heap Use After Free vulnerability in libsixel/src/dither.c:388, as documented by multiple sources (NVD, RH, Debian OSV entries). Impact is described in CVSS as MEDIUM to HIGH depending on vector: network access with partial confidentiality, in...

8.8 CVSS | 8.6 AI score | 0.01003 EPSS

added 2020/04/12 6:39 p.m. | 74 views

CVE-2020-11721

CVE-2020-11721 affects libsixel 1.8.6. The issue is a load_png path in loader.c that uses an uninitialized pointer, leading to an invalid free and potential denial of service. PTSecurity advisories indicate updates to 1.8.4+ to fix related heap/array processing issues; ALT Linux notes a 1.10.3-al...

6.5 CVSS | 6.3 AI score | 0.00943 EPSS

added 2022/05/11 1:12 p.m. | 73 views

CVE-2022-29978

CVE-2022-29978 affects libsixel, specifically the img2sixel component (libsixel img2sixel 1.8.6). The underlying issue is a floating point exception in sixel_encoder_do_resize, encoder.c:633, which remote attackers can trigger via a crafted JPEG to cause a denial of service. The initial sources li...

6.5 CVSS | 6.2 AI score | 0.0097 EPSS

added 2022/05/11 1:10 p.m. | 72 views

CVE-2022-29977

CVE-2022-29977 affects libsixel img2sixel 1.8.6. The vulnerability is an assertion failure in stbi__jpeg_huff_decode (stb_image.h:1894) that enables remote denial of service via a crafted JPEG file. The provided documents do not specify patched versions or remediation steps.

6.5 CVSS | 6.2 AI score | 0.0097 EPSS

added 2021/09/14 3:09 p.m. | 68 views

CVE-2020-21050

CVE-2020-21050 affects libsixel prior to v1.8.3, due to a stack buffer overflow in gif_process_raster at fromgif.c. The connected sources confirm the flaw and indicate fixes in later releases (e.g., v1.8.3+; upstream changelog mentions v1.8.5). Remediation is to upgrade libsixel to a version conta...

6.5 CVSS | 6.6 AI score | 0.01501 EPSS

added 2021/09/17 8:34 p.m. | 67 views

CVE-2020-21548

CVE-2020-21548 affects Libsixel 1.8.3, with a heap-based buffer overflow in the sixel_encode_highcolor function located in tosixel.c. The connected records confirm the vulnerable component and function, but do not provide specifics on patch availability, fixed version, or exploit details. No reme...

8.8 CVSS | 8.9 AI score | 0.01035 EPSS

added 2021/09/17 8:34 p.m. | 65 views

CVE-2020-21547

CVE-2020-21547 affects Libsixel 1.8.2, with a heap-based buffer overflow in the dither_func_fs function (tosixel.c). Multiple connected sources corroborate the flaw and link it to Libsixel 1.8.2, describing the vulnerability as a heap overflow in that code path. APTs suggest a remediation path: v...

8.8 CVSS | 8.9 AI score | 0.0103 EPSS

added 2021/08/10 8:19 p.m. | 65 views

CVE-2020-21677

CVE-2020-21677 describes a heap-based buffer overflow in the sixel_encoder_output_without_macro function of encoder.c in Libsixel 1.8.4. Exploitation is via converting a crafted PNG file into Sixel format, causing a denial of service. The vulnerability is documented across multiple feeds (NVD, Re...

6.5 CVSS | 6.5 AI score | 0.00904 EPSS

added 2018/11/30 3:00 a.m. | 63 views

CVE-2018-19756

CVE-2018-19756 affects libsixel 1.8.2 and is tied to a heap-based buffer over-read in stb_image.h (stbi__tga_load), leading to denial of service. The connected documents identify Libsixel vulnerabilities across multiple versions, notably 1.8.2, with remediation guidance to update to newer release...

5.5 CVSS | 5.5 AI score | 0.00684 EPSS

added 2018/11/30 3:00 a.m. | 63 views

CVE-2018-19757

CVE-2018-19757 affects libsixel 1.8.2 and is caused by a NULL pointer dereference in sixel_helper_set_additional_message (status.c), leading to denial of service. Connected advisories indicate fixes in Libsixel as versioned updates (e.g., upgrade to 1.8.3+ or 1.8.4+ depending on the issue) and re...

6.5 CVSS | 6.4 AI score | 0.00867 EPSS

added 2018/11/30 3:00 a.m. | 62 views

CVE-2018-19763

CVE-2018-19763 describes a heap-based buffer over-read in libsixel 1.8.2, specifically writer.c (function write_png_to_file), leading to a denial of service. Connected sources confirm the issue and the vulnerable component, but do not provide a concrete fixed version within the supplied documents...

5.5 CVSS | 5.5 AI score | 0.00684 EPSS

added 2021/09/14 3:09 p.m. | 62 views

CVE-2020-21049

CVE-2020-21049 affects the libsixel project. An invalid read in the stb_image.h component prior to v1.8.5 allows an attacker to cause a Denial of Service (DoS) via a crafted PSD file. Affected software is libsixel prior to 1.8.5 (per multiple sources). The documented impact is a DoS, with no expl...

6.5 CVSS | 6.1 AI score | 0.01338 EPSS

added 2019/01/02 3:00 p.m. | 61 views

CVE-2019-3573

CVE-2019-3573 affects Libsixel v1.8.2, with an infinite loop in sixel_decode_raw_impl() (fromsixel.c), as reported in the initial entry. Connected advisories confirm Libsixel upgrades as remediation: e.g., PT/ptsecurity notes for versions prior to 1.8.3 require updating to 1.8.3+, PT-2021-6712 re...

5.5 CVSS | 5.5 AI score | 0.00961 EPSS

added 2019/12/30 4:35 p.m. | 60 views

CVE-2019-20140

CVE-2019-20140 affects libsixel 1.8.4, with a heap-based buffer overflow in the function gif_out_code in fromgif.c. This is corroborated by Red Hat’s advisory and multiple CVE aggregators. The available documents do not specify a patched version or workaround. References point to Libsixel issue #...

8.8 CVSS | 8.9 AI score | 0.01123 EPSS

added 2021/09/14 3:09 p.m. | 60 views

CVE-2020-21048

CVE-2020-21048 affects the libsixel library, specifically the dither.c component, with a vulnerability present in versions prior to 1.8.4 that allows a crafted PNG to trigger a denial of service. The issue is documented as a DOS condition via crafted PNG input and is addressed by upgrading to lib...

6.5 CVSS | 6.1 AI score | 0.01332 EPSS

added 2018/07/15 6:00 p.m. | 59 views

CVE-2018-14072

CVE-2018-14072 affects libsixel 1.8.1, with a memory leak in three areas: sixel_decoder_decode (decoder.c), image_buffer_resize (fromsixel.c), and sixel_decode_raw (fromsixel.c). The issue is a memory leak (no explicit root cause details beyond function locations) and is described consistently ac...

7.5 CVSS | 7.4 AI score | 0.01411 EPSS

added 2019/12/13 1:05 a.m. | 57 views

CVE-2019-19777

CVE-2019-19777 concerns stb_image.h 2.23 (the stb image loader), used by libsixel and others, with a heap-based buffer over-read in stbi__load_main. The provided documents confirm the presence of the vulnerability and its association with stb_image.h, but no public details about affected products...

8.8 CVSS | 8.7 AI score | 0.01404 EPSS

added 2018/07/15 6:00 p.m. | 56 views

CVE-2018-14073

CVE-2018-14073 affects libsixel 1.8.1, with a memory leak in the function sixel_allocator_new (allocator.c). The connected Red Hat, CNVD, OSV, UNPATCHED, and other feeds consistently describe a memory leak in this allocator, indicating a likely resource handling issue in libsixel’s allocator. The...

7.5 CVSS | 7.3 AI score | 0.01452 EPSS

added 2018/11/30 3:00 a.m. | 56 views

CVE-2018-19759

CVE-2018-19759 affects libsixel 1.8.2 with a heap-based buffer over-read in stb_image_write.h (stbi_write_png_to_mem) that can cause denial of service. Red Hat notes the same issue. Red team sources (PT Security) indicate the vulnerability exists in libsixel prior to 1.8.3 and advise updating to ...

5.5 CVSS | 5.5 AI score | 0.00684 EPSS

added 2018/11/30 3:00 a.m. | 56 views

CVE-2018-19761

CVE-2018-19761 affects Libsixel 1.8.2, where an illegal address access in fromsixel.c:sixel_decode_raw_impl can cause a denial of service. No exploitation details are provided in the documents. Remediation: update to a newer Libsixel version that contains a fix; no specific patched version is nam...

5.5 CVSS | 5.4 AI score | 0.00684 EPSS

added 2021/04/14 1:50 p.m. | 56 views

CVE-2020-36120

CVE-2020-36120 affects Libsixel v1.8.6, with a buffer overflow in the sixel_encoder_encode_bytes function that can cause a Denial of Service (DoS). The connected documents confirm the vulnerable component and impact but do not provide remediation details or patched versions within the supplied ma...

7.5 CVSS | 7.4 AI score | 0.01241 EPSS

added 2018/11/30 3:00 a.m. | 55 views

CVE-2018-19762

CVE-2018-19762 concerns a heap-based buffer overflow in libsixel 1.8.2 (fromsixel.c: image_buffer_resize) that can lead to denial of service or potentially other impacts. Red Hat's entry mirrors this description. Several connected advisories corroborate Libsixel-focused issues and outline affecte...

7.8 CVSS | 8 AI score | 0.00824 EPSS

added 2019/12/13 1:06 a.m. | 55 views

CVE-2019-19778

CVE-2019-19778 affects libsixel 1.8.2 with a heap-based buffer over-read in load_sixel(), loader.c. CVSSv3.1 base score 8.8 (NETWORK, HIGH impact on confidentiality, integrity, and availability; user interaction required). Connected advisories corroborate issues across multiple libsixel versions ...

8.8 CVSS | 8.7 AI score | 0.01404 EPSS

added 2019/04/08 10:20 p.m. | 54 views

CVE-2019-11024

CVE-2019-11024 affects libsixel 1.8.2, where the load_pnm function in frompnm.c can cause infinite recursion in libsixel.a. Red Hat’s advisory restates the issue as described. Several PT Security entries corroborate that the flaw resides in libsixel components (e.g., frompnm.c) and recommend upgr...

5.5 CVSS | 5.5 AI score | 0.00961 EPSS

added 2019/01/02 3:00 p.m. | 49 views

CVE-2019-3574

CVE-2019-3574: In libsixel v1.8.2, there is a heap-based buffer over-read in load_jpeg() (loader.c), demonstrated by img2sixel. Connected sources consistently indicate upgrades to newer libsixel versions to mitigate issues (e.g., 1.8.3+; some entries mention 1.8.4+ as a fixed release). Evidence ...

7.8 CVSS | 7.6 AI score | 0.01198 EPSS

added 2025/08/21 1:02 p.m. | 48 views

CVE-2025-9300

CVE-2025-9300 affects libsixel (saitoha/libsixel) up to 1.10.3. The vuln targets the function sixel_debug_print_palette in src/encoder.c (img2sixel) and causes a stack-based buffer overflow. Successful exploitation requires local access; public exploit is available. The patch is identified by com...

7.8 CVSS | 7.1 AI score | 0.00225 EPSS

added 2026/05/14 8:01 p.m. | 30 views

CVE-2026-44636

CVE-2026-44636 affects libsixel (SIXEL encoder/decoder). A signed integer overflow in sixel_encode_highcolor’s allocation size calculation (width * height) can cause a heap buffer overflow when encoding very large pixel buffers; callers may trigger allocation wrapping if width * height > INT_MAX. T...

7.8 CVSS | 6.3 AI score | 0.00104 EPSS

added 2026/05/14 7:59 p.m. | 25 views

CVE-2026-44638

CVE-2026-44638 affects the libsixel SIXEL encoder/decoder. A wrong NULL check after allocation in sixel_decode_raw and sixel_decode causes a NULL pointer dereference when allocation fails, enabling a denial-of-service for callers under low-memory conditions. The issue stems from testing the addre...

2.5 CVSS | 5.8 AI score | 0.00131 EPSS

added 2026/05/14 8:02 p.m. | 19 views

CVE-2026-44637

CVE-2026-44637 affects libsixel (SIXEL encoder/decoder). A signed integer overflow in the parser’s image-buffer doubling loop (sixel_decode_raw_impl) occurs as context->pos_x is incremented by repeat_count with no upper bound check. When pos_x nears INT_MAX, pos_x + repeat_count overflows sign...

7.1 CVSS | 6 AI score | 0.0016 EPSS

added 2026/04/14 9:45 p.m. | 17 views

CVE-2026-33018

libsixel 1.8.7 and prior contain a heap use‑after‑free in load_gif() (fromgif.c): a single sixel_frame_t is reused across all frames of an animated GIF and gif_init_frame() frees/reallocates frame->pixels between frames regardless of reference counts. A callback using sixel_frame_get_pixels() ...

7 CVSS | 5.8 AI score | 0.00191 EPSS

added 2026/04/14 9:53 p.m. | 16 views

CVE-2026-33020

libsixel versions up to 1.8.7 are affected by an integer overflow in sixel_frame_convert_to_rgb888() that causes a heap buffer overflow when handling palettised images (PAL1, PAL2, PAL4). The allocation size and pointer arithmetic use int, leading to an undersized heap allocation and negative off...

7.1 CVSS | 6.3 AI score | 0.00205 EPSS

added 2026/02/23 12:00 a.m. | 13 views

CVE-2025-61146

CVE-2025-61146 affects the libsixel library up to version 1.8.7, where a memory leak is reported in malloc_stub.c. The included metrics indicate a local, low-complexity attack with a MEDIUM base score (CVSS 3.1: AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). Fedora advisories (FEDORA-2026-a800d3417b and F...

4 CVSS | 5.3 AI score | 0.00118 EPSS

added 2026/04/14 9:49 p.m. | 13 views

CVE-2026-33019

Summary: The issue affects libsixel versions 1.8.7 and prior, where the --crop handling in img2sixel can overflow when coordinates are large. In sixel_encoder_do_clip(), clip_w + clip_x overflows for clip_x = INT_MAX, bypassing bounds checks and allowing an unclamped coordinate to reach six...

7.1 CVSS | 5.9 AI score | 0.00256 EPSS

added 2026/04/14 9:57 p.m. | 13 views

CVE-2026-33021

CVE-2026-33021 (libsixel) is a use-after-free in sixel_encoder_encode_bytes() affecting libsixel 1.8.7 and earlier. The bug arises because sixel_frame_init() stores a caller-owned pixel buffer pointer directly in frame->pixels without copying. On a subsequent resize, sixel_frame_convert_to_rgb...

7.3 CVSS | 6 AI score | 0.00247 EPSS

added 2026/04/14 10:05 p.m. | 12 views

CVE-2026-33023

The Libsixel vulnerability CVE-2026-33023 is a use-after-free in load_with_gdkpixbuf() when built with --with-gdk-pixbuf2, affecting version

7.8 CVSS | 5.8 AI score | 0.00289 EPSS