Lucene search
K

13 matches found

CVE
CVE
added 2019/12/27 1:10 a.m.123 views

CVE-2019-20023

CVE-2019-20023 refers to a memory leak in libsixel 1.8.4’s image_buffer_resize (fromsixel.c). Red Hat and NVD entries reiter the same description. Nessus indicates unpatched status for some Linux distros. PTSecurity advisories describe multiple Libsixel-related issues with affected ranges (e.g., ...

6.5CVSS6.3AI score0.01002EPSS
CVE
CVE
added 2019/12/27 1:10 a.m.108 views

CVE-2019-20024

CVE-2019-20024 impacts libsixel: a heap-based buffer overflow in image_buffer_resize (fromsixel.c) occurs in all versions before 1.8.4. The Red Hat entry reproduces this, and multiple PTSecurity notes discuss related libsixel issues. Public references indicate the vulnerability exists in the ment...

6.5CVSS6.6AI score0.01002EPSS
CVE
CVE
added 2019/12/27 1:11 a.m.106 views

CVE-2019-20022

CVE-2019-20022 is an invalid memory address dereference in/libsixel's load_pnm (frompnm.c) prior to 1.8.3. Red Hat documents the same description; Nessus notes unpatched status for some Linux distros. Mitigation per sources: upgrade to libsixel 1.8.3+ or later. Some PTSecurity entries discuss rel...

6.5CVSS6.4AI score0.00933EPSS
CVE
CVE
added 2022/03/26 12:49 p.m.96 views

CVE-2022-27938

CVE-2022-27938 affects stb_image.h version 2.19 (used by libsixel and other products). The issue is a reachable assertion in stbi__create_png_image_raw. Documented impact indicates a local impact with a high availability impact per CVSS 3.1 (vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) a...

5.5CVSS5.4AI score0.00604EPSS
CVE
CVE
added 2021/09/14 3:9 p.m.69 views

CVE-2020-21050

CVE-2020-21050 affects libsixel prior to v1.8.3, due to a stack buffer overflow in gif_process_raster at fromgif.c. The connected sources confirm the flaw and indicate fixes in later releases (e.g., v1.8.3+; upstream changelog mentions v1.8.5). Remediation is to upgradelibsixel to a version conta...

6.5CVSS6.6AI score0.01551EPSS
CVE
CVE
added 2021/09/14 3:9 p.m.62 views

CVE-2020-21049

CVE-2020-21049 affects the libsixel project. An invalid read in the stb_image.h component prior to v1.8.5 allows an attacker to cause a Denial of Service (DOS) via a crafted PSD file. Affected software is/libsixel prior to 1.8.5 (per multiple sources). The documented impact is a DOS, with no expl...

6.5CVSS6.1AI score0.01382EPSS
CVE
CVE
added 2021/09/14 3:9 p.m.61 views

CVE-2020-21048

CVE-2020-21048 affects the libsixel library, specifically the dither.c component, with a vulnerability present in versions prior to 1.8.4 that allows a crafted PNG to trigger a denial of service. The issue is documented as a DOS condition via crafted PNG input and is addressed by upgrading to lib...

6.5CVSS6.1AI score0.01376EPSS
CVE
CVE
added 2025/08/21 1:2 p.m.49 views

CVE-2025-9300

CVE-2025-9300 affects libsixel (saitoha/libsixel) up to 1.10.3. The vuln targets the function sixel_debug_print_palette in src/encoder.c (img2sixel) and causes a stack-based buffer overflow. Successful exploitation requires local access; public exploit is available. The patch is identified by com...

7.8CVSS7.1AI score0.00225EPSS
CVE
CVE
added 2026/04/14 9:45 p.m.17 views

CVE-2026-33018

libsixel 1.8.7 and prior contain a heap use‑after‑free in load_gif() (fromgif.c): a single sixel_frame_t is reused across all frames of an animated GIF and gif_init_frame() frees/reallocates frame->pixels between frames regardless of reference counts. A callback using sixel_frame_get_pixels() ...

7CVSS5.8AI score0.00191EPSS
CVE
CVE
added 2026/04/14 9:53 p.m.17 views

CVE-2026-33020

libsixel versions up to 1.8.7 are affected by an integer overflow in sixel_frame_convert_to_rgb888() that causes a heap buffer overflow when handling palettised images (PAL1, PAL2, PAL4). The allocation size and pointer arithmetic use int, leading to an undersized heap allocation and negative off...

7.1CVSS6.3AI score0.00205EPSS
CVE
CVE
added 2026/02/23 12:0 a.m.14 views

CVE-2025-61146

CVE-2025-61146 affects the libsixel library up to version 1.8.7, where a memory leak is reported in malloc_stub.c. The included metrics indicate a local, low-complexity attack with a MEDIUM base score (CVSS 3.1: AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). Fedora advisories (FEDORA-2026-a800d3417b and F...

4CVSS5.3AI score0.00118EPSS
CVE
CVE
added 2026/04/14 9:57 p.m.14 views

CVE-2026-33021

CVE-2026-33021 (libsixel) is a use-after-free in sixel_encoder_encode_bytes() affecting libsixel 1.8.7 and earlier. The bug arises because sixel_frame_init() stores a caller-owned pixel buffer pointer directly in frame->pixels without copying. On a subsequent resize, sixel_frame_convert_to_rgb...

7.3CVSS6AI score0.00247EPSS
CVE
CVE
added 2026/04/14 9:49 p.m.13 views

CVE-2026-33019

Summary: The issue affects libsixel versions up to 1.8.7 and prior, where the --crop handling in img2sixel can overflow when coordinates are large. In sixel_encoder_do_clip(), clip_w + clip_x overflows for clip_x = INT_MAX, bypassing bounds checks and allowing an unclamped coordinate to reach six...

7.1CVSS5.9AI score0.00256EPSS