Libsixel
by Saitoha
CVEs (51)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-19759 | | Med | 0.36 | 5.5 | 0.01 | | Nov 30, 2018 | There is a heap-based buffer over-read at stb_image_write.h (function: stbi_write_png_to_mem) in libsixel 1.8.2 that will cause a denial of service. |
| CVE-2018-19756 | | Med | 0.36 | 5.5 | 0.01 | | Nov 30, 2018 | There is a heap-based buffer over-read at stb_image.h (function: stbi__tga_load) in libsixel 1.8.2 that will cause a denial of service. |
| CVE-2020-21050 | | Med | 0.35 | 6.5 | 0.01 | | Sep 14, 2021 | Libsixel prior to v1.8.3 contains a stack buffer overflow in the function gif_process_raster at fromgif.c. |
| CVE-2020-21049 | | Med | 0.35 | 6.5 | 0.01 | | Sep 14, 2021 | An invalid read in the stb_image.h component of libsixel prior to v1.8.5 allows attackers to cause a denial of service (DOS) via a crafted PSD file. |
| CVE-2020-21048 | | Med | 0.35 | 6.5 | 0.01 | | Sep 14, 2021 | An issue in the dither.c component of libsixel prior to v1.8.4 allows attackers to cause a denial of service (DOS) via a crafted PNG file. |
| CVE-2019-20024 | | Med | 0.35 | 6.5 | 0.01 | | Dec 27, 2019 | A heap-based buffer overflow was discovered in image_buffer_resize in fromsixel.c in libsixel before 1.8.4. |
| CVE-2019-20023 | | Med | 0.35 | 6.5 | 0.01 | | Dec 27, 2019 | A memory leak was discovered in image_buffer_resize in fromsixel.c in libsixel 1.8.4. |
| CVE-2019-20022 | | Med | 0.35 | 6.5 | 0.01 | | Dec 27, 2019 | An invalid memory address dereference was discovered in load_pnm in frompnm.c in libsixel before 1.8.3. |
| CVE-2025-9300 | | Med | 0.34 | 5.3 | 0.00 | | Aug 21, 2025 | A vulnerability was found in saitoha libsixel up to 1.10.3. Affected by this issue is the function sixel_debug_print_palette of the file src/encoder.c of the component img2sixel. The manipulation results in stack-based buffer overflow. The attack must be initiated from a local… |
| CVE-2025-61146 | | Med | 0.19 | 4.0 | 0.00 | | Feb 23, 2026 | saitoha libsixel until v1.8.7 was discovered to contain a memory leak via the component malloc_stub.c. |
| CVE-2026-44638 | | Low | 0.16 | 2.5 | 0.00 | | May 14, 2026 | libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. From to 1.8.7-r1, a wrong NULL check after an allocation call in sixel_decode_raw and sixel_decode causes a NULL pointer dereference whenever the allocation fails. The check tests the address of the… |