13 matches found
CVE-2019-20023
CVE-2019-20023 refers to a memory leak in libsixel 1.8.4’s image_buffer_resize (fromsixel.c). Red Hat and NVD entries reiter the same description. Nessus indicates unpatched status for some Linux distros. PTSecurity advisories describe multiple Libsixel-related issues with affected ranges (e.g., ...
CVE-2019-20024
CVE-2019-20024 impacts libsixel: a heap-based buffer overflow in image_buffer_resize (fromsixel.c) occurs in all versions before 1.8.4. The Red Hat entry reproduces this, and multiple PTSecurity notes discuss related libsixel issues. Public references indicate the vulnerability exists in the ment...
CVE-2019-20022
CVE-2019-20022 is an invalid memory address dereference in/libsixel's load_pnm (frompnm.c) prior to 1.8.3. Red Hat documents the same description; Nessus notes unpatched status for some Linux distros. Mitigation per sources: upgrade to libsixel 1.8.3+ or later. Some PTSecurity entries discuss rel...
CVE-2022-27938
CVE-2022-27938 affects stb_image.h version 2.19 (used by libsixel and other products). The issue is a reachable assertion in stbi__create_png_image_raw. Documented impact indicates a local impact with a high availability impact per CVSS 3.1 (vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) a...
CVE-2020-21050
CVE-2020-21050 affects libsixel prior to v1.8.3, due to a stack buffer overflow in gif_process_raster at fromgif.c. The connected sources confirm the flaw and indicate fixes in later releases (e.g., v1.8.3+; upstream changelog mentions v1.8.5). Remediation is to upgradelibsixel to a version conta...
CVE-2020-21049
CVE-2020-21049 affects the libsixel project. An invalid read in the stb_image.h component prior to v1.8.5 allows an attacker to cause a Denial of Service (DOS) via a crafted PSD file. Affected software is/libsixel prior to 1.8.5 (per multiple sources). The documented impact is a DOS, with no expl...
CVE-2020-21048
CVE-2020-21048 affects the libsixel library, specifically the dither.c component, with a vulnerability present in versions prior to 1.8.4 that allows a crafted PNG to trigger a denial of service. The issue is documented as a DOS condition via crafted PNG input and is addressed by upgrading to lib...
CVE-2025-9300
CVE-2025-9300 affects libsixel (saitoha/libsixel) up to 1.10.3. The vuln targets the function sixel_debug_print_palette in src/encoder.c (img2sixel) and causes a stack-based buffer overflow. Successful exploitation requires local access; public exploit is available. The patch is identified by com...
CVE-2026-33018
libsixel 1.8.7 and prior contain a heap use‑after‑free in load_gif() (fromgif.c): a single sixel_frame_t is reused across all frames of an animated GIF and gif_init_frame() frees/reallocates frame->pixels between frames regardless of reference counts. A callback using sixel_frame_get_pixels() ...
CVE-2026-33020
libsixel versions up to 1.8.7 are affected by an integer overflow in sixel_frame_convert_to_rgb888() that causes a heap buffer overflow when handling palettised images (PAL1, PAL2, PAL4). The allocation size and pointer arithmetic use int, leading to an undersized heap allocation and negative off...
CVE-2025-61146
CVE-2025-61146 affects the libsixel library up to version 1.8.7, where a memory leak is reported in malloc_stub.c. The included metrics indicate a local, low-complexity attack with a MEDIUM base score (CVSS 3.1: AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). Fedora advisories (FEDORA-2026-a800d3417b and F...
CVE-2026-33021
CVE-2026-33021 (libsixel) is a use-after-free in sixel_encoder_encode_bytes() affecting libsixel 1.8.7 and earlier. The bug arises because sixel_frame_init() stores a caller-owned pixel buffer pointer directly in frame->pixels without copying. On a subsequent resize, sixel_frame_convert_to_rgb...
CVE-2026-33019
Summary: The issue affects libsixel versions up to 1.8.7 and prior, where the --crop handling in img2sixel can overflow when coordinates are large. In sixel_encoder_do_clip(), clip_w + clip_x overflows for clip_x = INT_MAX, bypassing bounds checks and allowing an unclamped coordinate to reach six...