Skip to main content

Libsixel

48 CVEs product

Monthly

CVE-2026-44638 LOW PATCH Monitor

libsixel versions prior to 1.8.7-r2 crash on memory allocation failure in sixel_decode_raw and sixel_decode functions due to incorrect NULL pointer validation, allowing local attackers to trigger denial of service under low-memory conditions. The vulnerability affects any application using libsixel's public decoding APIs when system memory pressure causes malloc to fail.

Denial Of Service Null Pointer Dereference Libsixel
NVD GitHub VulDB
CVSS 3.1
2.5
EPSS
0.0%
CVE-2026-33020 HIGH PATCH This Week

Heap buffer overflow in libsixel 1.8.7 and earlier allows local attackers to achieve arbitrary code execution by providing a maliciously crafted large palettised PNG image that triggers integer overflow in RGB888 conversion routines. The vulnerability requires user interaction to process the malicious image but no authentication. EPSS data not available; no public exploit identified at time of analysis, though the technical details in the advisory provide sufficient information for weaponization. Vendor-released patch: version 1.8.7-r1.

Heap Overflow Buffer Overflow RCE Libsixel
NVD GitHub VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-33019 HIGH PATCH This Week

Out-of-bounds heap read in libsixel img2sixel via integer overflow allows local attackers to crash the application and potentially leak sensitive memory contents when processing malicious --crop arguments with otherwise valid images. Affects libsixel 1.8.7 and earlier; patched in 1.8.7-r1. EPSS data not available, but exploitation requires local access with user interaction (CVSS AV:L/UI:R). No CISA KEV listing; no public exploit identified at time of analysis.

Buffer Overflow Information Disclosure Libsixel
NVD GitHub
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-33018 HIGH PATCH This Week

Heap use-after-free in libsixel 1.8.7 and earlier allows local code execution when processing malicious animated GIF files through the sixel_helper_load_image_file() API with multi-frame callbacks. The vulnerability triggers when gif_init_frame() unconditionally frees and reallocates frame->pixels between frames while client code retains references via the documented sixel_frame_ref() API, creating dangling pointers confirmed by AddressSanitizer. Fixed in version 1.8.7-r1. No public exploit iden

Use After Free RCE Memory Corruption Libsixel
NVD GitHub
CVSS 3.1
7.0
EPSS
0.0%
CVE-2026-33023 HIGH PATCH This Week

Use-after-free in libsixel's gdk-pixbuf2 loader enables local attackers to achieve code execution via crafted images. Affects libsixel versions through 1.8.7 when compiled with --with-gdk-pixbuf2 option. The vulnerability stems from inconsistent memory management in load_with_gdkpixbuf(), which manually frees reference-counted frame objects, leaving dangling pointers that callbacks can access post-cleanup. CVSS 7.8 (High) with local attack vector requiring user interaction. Fixed in version 1.8.7-r1. No confirmed active exploitation (CISA KEV), though proof-of-concept feasibility is high given the deterministic nature of the memory corruption.

Information Disclosure RCE Memory Corruption Buffer Overflow Use After Free +1
NVD GitHub
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-33021 HIGH PATCH This Week

Use-after-free in libsixel 1.8.7 and earlier enables local attackers to crash applications or execute arbitrary code via crafted SIXEL image frames. The vulnerability occurs when sixel_encoder_encode_bytes() processes resize operations that free caller-owned pixel buffers, creating dangling pointers exploitable through repeated, predictable frame manipulation. EPSS data not available; no confirmed active exploitation (not in CISA KEV), but the technical details suggest reliable exploitation potential for local privilege escalation or RCE scenarios.

Use After Free RCE Memory Corruption Libsixel
NVD GitHub
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-61146 MEDIUM PATCH This Month

saitoha libsixel until v1.8.7 was discovered to contain a memory leak via the component malloc_stub.c. [CVSS 4.0 MEDIUM]

Information Disclosure Libsixel
NVD GitHub
CVSS 3.1
4.0
EPSS
0.0%
CVE-2022-29978 MEDIUM POC This Month

There is a floating point exception error in sixel_encoder_do_resize, encoder.c:633 in libsixel img2sixel 1.8.6. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Libsixel
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-29977 MEDIUM POC This Month

There is an assertion failure error in stbi__jpeg_huff_decode, stb_image.h:1894 in libsixel img2sixel 1.8.6. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libsixel
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2021-40656 HIGH POC This Week

libsixel before 1.10 is vulnerable to Buffer Overflow in libsixel/src/quant.c:867. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Libsixel
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-27046 HIGH POC This Week

libsixel 1.8.6 suffers from a Heap Use After Free vulnerability in in libsixel/src/dither.c:388. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Memory Corruption Use After Free Libsixel
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2022-27044 HIGH POC This Week

libsixel 1.8.6 is affected by Buffer Overflow in libsixel/src/quant.c:876. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Libsixel
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2021-41715 HIGH POC This Week

libsixel 1.10.0 is vulnerable to Use after free in libsixel/src/dither.c:379. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Use After Free Denial Of Service Libsixel
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-27938 MEDIUM POC This Month

stb_image.h (aka the stb image loader) 2.19, as used in libsixel and other products, has a reachable assertion in stbi__create_png_image_raw. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libsixel
NVD GitHub
CVSS 3.1
5.5
EPSS
0.1%
CVE-2021-46700 MEDIUM POC This Month

In libsixel 1.8.6, sixel_encoder_output_without_macro (called from sixel_encoder_encode_frame in encoder.c) has a double free. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Libsixel
NVD GitHub
CVSS 3.1
6.5
EPSS
0.2%
CVE-2021-45340 MEDIUM POC This Month

In Libsixel prior to and including v1.10.3, a NULL pointer dereference in the stb_image.h component of libsixel allows attackers to cause a denial of service (DOS) via a crafted PICT file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Libsixel
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2020-21548 HIGH POC This Week

Libsixel 1.8.3 contains a heap-based buffer overflow in the sixel_encode_highcolor function in tosixel.c. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Libsixel
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2020-21547 HIGH POC This Week

Libsixel 1.8.2 contains a heap-based buffer overflow in the dither_func_fs function in tosixel.c. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Libsixel
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2020-21050 MEDIUM POC PATCH This Month

Libsixel prior to v1.8.3 contains a stack buffer overflow in the function gif_process_raster at fromgif.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Memory Corruption Libsixel
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2020-21049 MEDIUM POC PATCH This Month

An invalid read in the stb_image.h component of libsixel prior to v1.8.5 allows attackers to cause a denial of service (DOS) via a crafted PSD file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Information Disclosure Buffer Overflow Libsixel
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2020-21048 MEDIUM POC PATCH This Month

An issue in the dither.c component of libsixel prior to v1.8.4 allows attackers to cause a denial of service (DOS) via a crafted PNG file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Libsixel
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2020-21677 MEDIUM POC This Month

A heap-based buffer overflow in the sixel_encoder_output_without_macro function in encoder.c of Libsixel 1.8.4 allows attackers to cause a denial of service (DOS) via converting a crafted PNG file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption Libsixel
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2020-36120 HIGH POC This Week

Buffer Overflow in the "sixel_encoder_encode_bytes" function of Libsixel v1.8.6 allows attackers to cause a Denial of Service (DoS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Libsixel
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2020-19668 MEDIUM POC This Month

Unverified indexs into the array lead to out of bound access in the gif_out_code function in fromgif.c in libsixel 1.8.6. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Libsixel
NVD GitHub
CVSS 3.1
6.5
EPSS
0.2%
CVE-2020-11721 MEDIUM POC This Month

load_png in loader.c in libsixel.a in libsixel 1.8.6 has an uninitialized pointer leading to an invalid call to free, which can cause a denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Memory Corruption Libsixel
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2019-20205 HIGH POC This Week

libsixel 1.8.4 has an integer overflow in sixel_frame_resize in frame.c. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Integer Overflow Libsixel
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2019-20140 HIGH POC This Week

An issue was discovered in libsixel 1.8.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Libsixel
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2019-20094 HIGH POC This Week

An issue was discovered in libsixel 1.8.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Libsixel
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2019-20024 MEDIUM POC This Month

A heap-based buffer overflow was discovered in image_buffer_resize in fromsixel.c in libsixel before 1.8.4. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Libsixel
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2019-20023 MEDIUM POC This Month

A memory leak was discovered in image_buffer_resize in fromsixel.c in libsixel 1.8.4. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Libsixel
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2019-20022 MEDIUM POC This Month

An invalid memory address dereference was discovered in load_pnm in frompnm.c in libsixel before 1.8.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Libsixel
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2019-19778 HIGH POC This Week

An issue was discovered in libsixel 1.8.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Libsixel
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2019-19777 HIGH POC This Week

stb_image.h (aka the stb image loader) 2.23, as used in libsixel and other products, has a heap-based buffer over-read in stbi__load_main. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Stb Image H Libsixel
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2019-19638 CRITICAL Act Now

An issue was discovered in libsixel 1.8.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Integer Overflow Libsixel
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2019-19637 CRITICAL Act Now

An issue was discovered in libsixel 1.8.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Integer Overflow Libsixel
NVD GitHub
CVSS 3.1
9.8
EPSS
0.4%
CVE-2019-19636 CRITICAL Act Now

An issue was discovered in libsixel 1.8.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Integer Overflow Libsixel
NVD GitHub
CVSS 3.1
9.8
EPSS
0.4%
CVE-2019-19635 CRITICAL Act Now

An issue was discovered in libsixel 1.8.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Libsixel
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2019-11024 MEDIUM POC This Month

The load_pnm function in frompnm.c in libsixel.a in libsixel 1.8.2 has infinite recursion. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Libsixel
NVD GitHub
CVSS 3.0
5.5
EPSS
0.2%
CVE-2019-3574 HIGH POC This Week

In libsixel v1.8.2, there is a heap-based buffer over-read in the function load_jpeg() in the file loader.c, as demonstrated by img2sixel. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Libsixel
NVD GitHub
CVSS 3.0
7.8
EPSS
0.2%
CVE-2019-3573 MEDIUM POC This Month

In libsixel v1.8.2, there is an infinite loop in the function sixel_decode_raw_impl() in the file fromsixel.c, as demonstrated by sixel2png. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libsixel
NVD GitHub
CVSS 3.0
5.5
EPSS
0.2%
CVE-2018-19763 MEDIUM POC This Month

There is a heap-based buffer over-read at writer.c (function: write_png_to_file) in libsixel 1.8.2 that will cause a denial of service. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Denial Of Service Libsixel
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2018-19762 HIGH POC This Week

There is a heap-based buffer overflow at fromsixel.c (function: image_buffer_resize) in libsixel 1.8.2 that will cause a denial of service or possibly unspecified other impact. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption Libsixel
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-19761 MEDIUM POC This Month

There is an illegal address access at fromsixel.c (function: sixel_decode_raw_impl) in libsixel 1.8.2 that will cause a denial of service. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Denial Of Service Libsixel
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2018-19759 MEDIUM POC This Month

There is a heap-based buffer over-read at stb_image_write.h (function: stbi_write_png_to_mem) in libsixel 1.8.2 that will cause a denial of service. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Denial Of Service Libsixel
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2018-19757 MEDIUM POC This Month

There is a NULL pointer dereference at function sixel_helper_set_additional_message (status.c) in libsixel 1.8.2 that will cause a denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Libsixel
NVD
CVSS 3.0
6.5
EPSS
0.3%
CVE-2018-19756 MEDIUM POC This Month

There is a heap-based buffer over-read at stb_image.h (function: stbi__tga_load) in libsixel 1.8.2 that will cause a denial of service. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Denial Of Service Libsixel
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2018-14073 HIGH This Week

libsixel 1.8.1 has a memory leak in sixel_allocator_new in allocator.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Libsixel
NVD GitHub
CVSS 3.0
7.5
EPSS
0.4%
CVE-2018-14072 HIGH This Week

libsixel 1.8.1 has a memory leak in sixel_decoder_decode in decoder.c, image_buffer_resize in fromsixel.c, and sixel_decode_raw in fromsixel.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Libsixel
NVD GitHub
CVSS 3.0
7.5
EPSS
0.4%
EPSS 0% CVSS 2.5
LOW PATCH Monitor

libsixel versions prior to 1.8.7-r2 crash on memory allocation failure in sixel_decode_raw and sixel_decode functions due to incorrect NULL pointer validation, allowing local attackers to trigger denial of service under low-memory conditions. The vulnerability affects any application using libsixel's public decoding APIs when system memory pressure causes malloc to fail.

Denial Of Service Null Pointer Dereference Libsixel
NVD GitHub VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Heap buffer overflow in libsixel 1.8.7 and earlier allows local attackers to achieve arbitrary code execution by providing a maliciously crafted large palettised PNG image that triggers integer overflow in RGB888 conversion routines. The vulnerability requires user interaction to process the malicious image but no authentication. EPSS data not available; no public exploit identified at time of analysis, though the technical details in the advisory provide sufficient information for weaponization. Vendor-released patch: version 1.8.7-r1.

Heap Overflow Buffer Overflow RCE +1
NVD GitHub VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Out-of-bounds heap read in libsixel img2sixel via integer overflow allows local attackers to crash the application and potentially leak sensitive memory contents when processing malicious --crop arguments with otherwise valid images. Affects libsixel 1.8.7 and earlier; patched in 1.8.7-r1. EPSS data not available, but exploitation requires local access with user interaction (CVSS AV:L/UI:R). No CISA KEV listing; no public exploit identified at time of analysis.

Buffer Overflow Information Disclosure Libsixel
NVD GitHub
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Heap use-after-free in libsixel 1.8.7 and earlier allows local code execution when processing malicious animated GIF files through the sixel_helper_load_image_file() API with multi-frame callbacks. The vulnerability triggers when gif_init_frame() unconditionally frees and reallocates frame->pixels between frames while client code retains references via the documented sixel_frame_ref() API, creating dangling pointers confirmed by AddressSanitizer. Fixed in version 1.8.7-r1. No public exploit iden

Use After Free RCE Memory Corruption +1
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Use-after-free in libsixel's gdk-pixbuf2 loader enables local attackers to achieve code execution via crafted images. Affects libsixel versions through 1.8.7 when compiled with --with-gdk-pixbuf2 option. The vulnerability stems from inconsistent memory management in load_with_gdkpixbuf(), which manually frees reference-counted frame objects, leaving dangling pointers that callbacks can access post-cleanup. CVSS 7.8 (High) with local attack vector requiring user interaction. Fixed in version 1.8.7-r1. No confirmed active exploitation (CISA KEV), though proof-of-concept feasibility is high given the deterministic nature of the memory corruption.

Information Disclosure RCE Memory Corruption +3
NVD GitHub
EPSS 0% CVSS 7.3
HIGH PATCH This Week

Use-after-free in libsixel 1.8.7 and earlier enables local attackers to crash applications or execute arbitrary code via crafted SIXEL image frames. The vulnerability occurs when sixel_encoder_encode_bytes() processes resize operations that free caller-owned pixel buffers, creating dangling pointers exploitable through repeated, predictable frame manipulation. EPSS data not available; no confirmed active exploitation (not in CISA KEV), but the technical details suggest reliable exploitation potential for local privilege escalation or RCE scenarios.

Use After Free RCE Memory Corruption +1
NVD GitHub
EPSS 0% CVSS 4.0
MEDIUM PATCH This Month

saitoha libsixel until v1.8.7 was discovered to contain a memory leak via the component malloc_stub.c. [CVSS 4.0 MEDIUM]

Information Disclosure Libsixel
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM POC This Month

There is a floating point exception error in sixel_encoder_do_resize, encoder.c:633 in libsixel img2sixel 1.8.6. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Libsixel
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

There is an assertion failure error in stbi__jpeg_huff_decode, stb_image.h:1894 in libsixel img2sixel 1.8.6. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libsixel
NVD GitHub
EPSS 0% CVSS 8.8
HIGH POC This Week

libsixel before 1.10 is vulnerable to Buffer Overflow in libsixel/src/quant.c:867. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Libsixel
NVD GitHub
EPSS 0% CVSS 8.8
HIGH POC This Week

libsixel 1.8.6 suffers from a Heap Use After Free vulnerability in in libsixel/src/dither.c:388. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Memory Corruption Use After Free +1
NVD GitHub
EPSS 0% CVSS 8.8
HIGH POC This Week

libsixel 1.8.6 is affected by Buffer Overflow in libsixel/src/quant.c:876. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Libsixel
NVD GitHub
EPSS 0% CVSS 8.8
HIGH POC This Week

libsixel 1.10.0 is vulnerable to Use after free in libsixel/src/dither.c:379. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Use After Free Denial Of Service +1
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC This Month

stb_image.h (aka the stb image loader) 2.19, as used in libsixel and other products, has a reachable assertion in stbi__create_png_image_raw. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libsixel
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM POC This Month

In libsixel 1.8.6, sixel_encoder_output_without_macro (called from sixel_encoder_encode_frame in encoder.c) has a double free. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Libsixel
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM POC This Month

In Libsixel prior to and including v1.10.3, a NULL pointer dereference in the stb_image.h component of libsixel allows attackers to cause a denial of service (DOS) via a crafted PICT file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Libsixel
NVD GitHub
EPSS 0% CVSS 8.8
HIGH POC This Week

Libsixel 1.8.3 contains a heap-based buffer overflow in the sixel_encode_highcolor function in tosixel.c. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Libsixel
NVD GitHub
EPSS 0% CVSS 8.8
HIGH POC This Week

Libsixel 1.8.2 contains a heap-based buffer overflow in the dither_func_fs function in tosixel.c. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Libsixel
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC PATCH This Month

Libsixel prior to v1.8.3 contains a stack buffer overflow in the function gif_process_raster at fromgif.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Memory Corruption Libsixel
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM POC PATCH This Month

An invalid read in the stb_image.h component of libsixel prior to v1.8.5 allows attackers to cause a denial of service (DOS) via a crafted PSD file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Information Disclosure Buffer Overflow +1
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM POC PATCH This Month

An issue in the dither.c component of libsixel prior to v1.8.4 allows attackers to cause a denial of service (DOS) via a crafted PNG file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Libsixel
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM POC This Month

A heap-based buffer overflow in the sixel_encoder_output_without_macro function in encoder.c of Libsixel 1.8.4 allows attackers to cause a denial of service (DOS) via converting a crafted PNG file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption +1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH POC This Week

Buffer Overflow in the "sixel_encoder_encode_bytes" function of Libsixel v1.8.6 allows attackers to cause a Denial of Service (DoS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Libsixel
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM POC This Month

Unverified indexs into the array lead to out of bound access in the gif_out_code function in fromgif.c in libsixel 1.8.6. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Libsixel
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM POC This Month

load_png in loader.c in libsixel.a in libsixel 1.8.6 has an uninitialized pointer leading to an invalid call to free, which can cause a denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Memory Corruption Libsixel
NVD GitHub
EPSS 0% CVSS 8.8
HIGH POC This Week

libsixel 1.8.4 has an integer overflow in sixel_frame_resize in frame.c. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Integer Overflow Libsixel
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

An issue was discovered in libsixel 1.8.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Libsixel
NVD GitHub
EPSS 0% CVSS 8.8
HIGH POC This Week

An issue was discovered in libsixel 1.8.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Libsixel
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM POC This Month

A heap-based buffer overflow was discovered in image_buffer_resize in fromsixel.c in libsixel before 1.8.4. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Libsixel
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM POC This Month

A memory leak was discovered in image_buffer_resize in fromsixel.c in libsixel 1.8.4. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Libsixel
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM POC This Month

An invalid memory address dereference was discovered in load_pnm in frompnm.c in libsixel before 1.8.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Libsixel
NVD GitHub
EPSS 0% CVSS 8.8
HIGH POC This Week

An issue was discovered in libsixel 1.8.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Libsixel
NVD GitHub
EPSS 0% CVSS 8.8
HIGH POC This Week

stb_image.h (aka the stb image loader) 2.23, as used in libsixel and other products, has a heap-based buffer over-read in stbi__load_main. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Stb Image H +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

An issue was discovered in libsixel 1.8.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Integer Overflow Libsixel
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL Act Now

An issue was discovered in libsixel 1.8.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Integer Overflow Libsixel
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL Act Now

An issue was discovered in libsixel 1.8.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Integer Overflow Libsixel
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

An issue was discovered in libsixel 1.8.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Libsixel
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC This Month

The load_pnm function in frompnm.c in libsixel.a in libsixel 1.8.2 has infinite recursion. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Libsixel
NVD GitHub
EPSS 0% CVSS 7.8
HIGH POC This Week

In libsixel v1.8.2, there is a heap-based buffer over-read in the function load_jpeg() in the file loader.c, as demonstrated by img2sixel. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Libsixel
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC This Month

In libsixel v1.8.2, there is an infinite loop in the function sixel_decode_raw_impl() in the file fromsixel.c, as demonstrated by sixel2png. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libsixel
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC This Month

There is a heap-based buffer over-read at writer.c (function: write_png_to_file) in libsixel 1.8.2 that will cause a denial of service. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Denial Of Service +1
NVD
EPSS 0% CVSS 7.8
HIGH POC This Week

There is a heap-based buffer overflow at fromsixel.c (function: image_buffer_resize) in libsixel 1.8.2 that will cause a denial of service or possibly unspecified other impact. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption +1
NVD
EPSS 0% CVSS 5.5
MEDIUM POC This Month

There is an illegal address access at fromsixel.c (function: sixel_decode_raw_impl) in libsixel 1.8.2 that will cause a denial of service. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Denial Of Service +1
NVD
EPSS 0% CVSS 5.5
MEDIUM POC This Month

There is a heap-based buffer over-read at stb_image_write.h (function: stbi_write_png_to_mem) in libsixel 1.8.2 that will cause a denial of service. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Denial Of Service +1
NVD
EPSS 0% CVSS 6.5
MEDIUM POC This Month

There is a NULL pointer dereference at function sixel_helper_set_additional_message (status.c) in libsixel 1.8.2 that will cause a denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Libsixel
NVD
EPSS 0% CVSS 5.5
MEDIUM POC This Month

There is a heap-based buffer over-read at stb_image.h (function: stbi__tga_load) in libsixel 1.8.2 that will cause a denial of service. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Denial Of Service +1
NVD
EPSS 0% CVSS 7.5
HIGH This Week

libsixel 1.8.1 has a memory leak in sixel_allocator_new in allocator.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Libsixel
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

libsixel 1.8.1 has a memory leak in sixel_decoder_decode in decoder.c, image_buffer_resize in fromsixel.c, and sixel_decode_raw in fromsixel.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Libsixel
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy