Skip to main content

libsixel CVE-2026-44638

| EUVDEUVD-2026-30411 LOW
NULL Pointer Dereference (CWE-476)
2026-05-14 GitHub_M
2.5
CVSS 3.1 · GitHub Advisory

Severity by source

GitHub Advisory PRIMARY
2.5 LOW
AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
Attack Vector
Local
Attack Complexity
High
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
Low

Lifecycle Timeline

3
Patch available
May 14, 2026 - 21:32 EUVD
Analysis Generated
May 14, 2026 - 21:18 vuln.today
CVE Published
May 14, 2026 - 19:59 nvd
LOW 2.5

DescriptionGitHub Advisory

libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. From to 1.8.7-r1, a wrong NULL check after an allocation call in sixel_decode_raw and sixel_decode causes a NULL pointer dereference whenever the allocation fails. The check tests the address of the output parameter (always non-NULL) instead of the value the malloc returned. On allocation failure, the function continues and writes through a NULL pointer, crashing the process. This is a denial of service against any caller of these public APIs that hits a low-memory condition. This vulnerability is fixed in 1.8.7-r2.

AnalysisAI

libsixel versions prior to 1.8.7-r2 crash on memory allocation failure in sixel_decode_raw and sixel_decode functions due to incorrect NULL pointer validation, allowing local attackers to trigger denial of service under low-memory conditions. The vulnerability affects any application using libsixel's public decoding APIs when system memory pressure causes malloc to fail.

Technical ContextAI

libsixel is a SIXEL encoder/decoder library that processes SIXEL graphics format data. SIXEL is a text-based graphics protocol commonly used in terminal emulators. The vulnerability exists in the sixel_decode_raw and sixel_decode functions, which allocate memory buffers for decoded image output. The root cause is CWE-476 (NULL Pointer Dereference): after calling malloc to allocate output buffers, the code incorrectly validates the allocation result by checking the address of the output parameter (which is a pointer passed by the caller and is always non-NULL) instead of checking the return value of malloc itself. When malloc returns NULL due to memory exhaustion, the null check passes incorrectly, and the function proceeds to dereference and write through the NULL pointer, causing a process crash.

RemediationAI

Upgrade libsixel to version 1.8.7-r2 or later, which includes the corrected NULL pointer validation in sixel_decode_raw and sixel_decode functions. For systems unable to immediately upgrade, no effective workaround exists at the library level since the vulnerability is intrinsic to the API implementation. Mitigation strategies include configuring memory limits via cgroups or ulimit to gracefully prevent malloc failures (trade-off: may cause legitimate out-of-memory errors to surface earlier), using memory monitoring tools to maintain sufficient headroom above libsixel's allocation requirements, or restricting libsixel API usage to trusted inputs within memory-constrained environments. Consult https://github.com/saitoha/libsixel/security/advisories/GHSA-wpx3-h5g8-qr3w for patch availability and release notes.

CVE-2019-20140 HIGH POC
8.8 Dec 30

An issue was discovered in libsixel 1.8.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, n

CVE-2019-20094 HIGH POC
8.8 Dec 30

An issue was discovered in libsixel 1.8.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, n

CVE-2019-20205 HIGH POC
8.8 Jan 02

libsixel 1.8.4 has an integer overflow in sixel_frame_resize in frame.c. Rated high severity (CVSS 8.8), this vulnerabil

CVE-2021-41715 HIGH POC
8.8 Apr 08

libsixel 1.10.0 is vulnerable to Use after free in libsixel/src/dither.c:379. Rated high severity (CVSS 8.8), this vulne

CVE-2020-21548 HIGH POC
8.8 Sep 17

Libsixel 1.8.3 contains a heap-based buffer overflow in the sixel_encode_highcolor function in tosixel.c. Rated high sev

CVE-2020-21547 HIGH POC
8.8 Sep 17

Libsixel 1.8.2 contains a heap-based buffer overflow in the dither_func_fs function in tosixel.c. Rated high severity (C

CVE-2019-19778 HIGH POC
8.8 Dec 13

An issue was discovered in libsixel 1.8.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, n

CVE-2019-19777 HIGH POC
8.8 Dec 13

stb_image.h (aka the stb image loader) 2.23, as used in libsixel and other products, has a heap-based buffer over-read i

CVE-2021-40656 HIGH POC
8.8 Apr 08

libsixel before 1.10 is vulnerable to Buffer Overflow in libsixel/src/quant.c:867. Rated high severity (CVSS 8.8), this

CVE-2022-27044 HIGH POC
8.8 Apr 08

libsixel 1.8.6 is affected by Buffer Overflow in libsixel/src/quant.c:876. Rated high severity (CVSS 8.8), this vulnerab

CVE-2022-27046 HIGH POC
8.8 Apr 08

libsixel 1.8.6 suffers from a Heap Use After Free vulnerability in in libsixel/src/dither.c:388. Rated high severity (CV

CVE-2019-3574 HIGH POC
7.8 Jan 02

In libsixel v1.8.2, there is a heap-based buffer over-read in the function load_jpeg() in the file loader.c, as demonstr

Share

CVE-2026-44638 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy