What is the CVSS score of EUVD-2026-30412?

EUVD-2026-30412 has a CVSS 3.1 base score of 7.1 (High). CVSS vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H. EPSS exploitation probability: 0.0%.

Which versions of libsixel are affected by EUVD-2026-30412?

libsixel versions up to 1.8.7-r1 contain a heap buffer overflow vulnerability that allows local attackers to execute arbitrary code by processing maliciously crafted SIXEL image files.. A patch is available.

libsixel EUVD-2026-30412

| CVE-2026-44637 HIGH

Integer Overflow or Wraparound (CWE-190)

2026-05-14 GitHub_M

Buffer Overflow Integer Overflow Suse

7.1

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

High

Lifecycle Timeline

Patch available

May 14, 2026 - 21:32 EUVD

Analysis Generated

May 14, 2026 - 21:16 vuln.today

CVE Published

May 14, 2026 - 20:02 nvd

HIGH 7.1

DescriptionNVD

libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. From to 1.8.7-r1, a signed integer overflow in the SIXEL parser's image-buffer doubling loop can lead to an out-of-bounds heap write in sixel_decode_raw_impl. context->pos_x grows by repeat_count on every sixel character with no upper bound check. Once pos_x approaches INT_MAX, the expression "pos_x + repeat_count" used to size the image buffer overflows signed int. Depending on how the overflow wraps, the resize check that should reject oversized buffers can be bypassed, after which a subsequent write computes a large attacker-influenced offset into image->data and writes past the allocation. Reachable from any caller that decodes attacker-supplied SIXEL data, including img2sixel. This vulnerability is fixed in 1.8.7-r2.

AnalysisAI

Heap buffer overflow in libsixel versions up to 1.8.7-r1 enables local attackers to corrupt memory and potentially execute code by supplying maliciously crafted SIXEL image data. A signed integer overflow in the SIXEL parser's buffer resizing logic bypasses allocation size checks, allowing out-of-bounds writes with attacker-controlled offsets. …

RemediationAI

Within 24 hours: Inventory all systems and applications using libsixel and identify those running versions 1.8.7-r1 or earlier. Within 7 days: Upgrade libsixel to version 1.8.7-r2 or later on all affected systems; if unavailable in your distribution, contact your vendor for backported patches or timelines. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

More from same product – last 7 days

CVE-2026-9256 HIGH This Week

8.1 May 22

Heap buffer overflow in NGINX Plus and NGINX Open Source ngx_http_rewrite_module allows unauthenticated remote attackers

Vendor StatusVendor

EUVD-2026-30412 vulnerability details – vuln.today

Back