VYPR

Libsixel

by Saitoha

Source repositories

CVEs (51)

  • CVE-2018-19759MedNov 30, 2018
    risk 0.36cvss 5.5epss 0.01

    There is a heap-based buffer over-read at stb_image_write.h (function: stbi_write_png_to_mem) in libsixel 1.8.2 that will cause a denial of service.

  • CVE-2018-19756MedNov 30, 2018
    risk 0.36cvss 5.5epss 0.01

    There is a heap-based buffer over-read at stb_image.h (function: stbi__tga_load) in libsixel 1.8.2 that will cause a denial of service.

  • CVE-2020-21050MedSep 14, 2021
    risk 0.35cvss 6.5epss 0.01

    Libsixel prior to v1.8.3 contains a stack buffer overflow in the function gif_process_raster at fromgif.c.

  • CVE-2020-21049MedSep 14, 2021
    risk 0.35cvss 6.5epss 0.01

    An invalid read in the stb_image.h component of libsixel prior to v1.8.5 allows attackers to cause a denial of service (DOS) via a crafted PSD file.

  • CVE-2020-21048MedSep 14, 2021
    risk 0.35cvss 6.5epss 0.01

    An issue in the dither.c component of libsixel prior to v1.8.4 allows attackers to cause a denial of service (DOS) via a crafted PNG file.

  • CVE-2019-20024MedDec 27, 2019
    risk 0.35cvss 6.5epss 0.01

    A heap-based buffer overflow was discovered in image_buffer_resize in fromsixel.c in libsixel before 1.8.4.

  • CVE-2019-20023MedDec 27, 2019
    risk 0.35cvss 6.5epss 0.01

    A memory leak was discovered in image_buffer_resize in fromsixel.c in libsixel 1.8.4.

  • CVE-2019-20022MedDec 27, 2019
    risk 0.35cvss 6.5epss 0.01

    An invalid memory address dereference was discovered in load_pnm in frompnm.c in libsixel before 1.8.3.

  • CVE-2025-9300MedAug 21, 2025
    risk 0.34cvss 5.3epss 0.00

    A vulnerability was found in saitoha libsixel up to 1.10.3. Affected by this issue is the function sixel_debug_print_palette of the file src/encoder.c of the component img2sixel. The manipulation results in stack-based buffer overflow. The attack must be initiated from a local…

  • CVE-2025-61146MedFeb 23, 2026
    risk 0.19cvss 4.0epss 0.00

    saitoha libsixel until v1.8.7 was discovered to contain a memory leak via the component malloc_stub.c.

  • CVE-2026-44638LowMay 14, 2026
    risk 0.16cvss 2.5epss 0.00

    libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. From to 1.8.7-r1, a wrong NULL check after an allocation call in sixel_decode_raw and sixel_decode causes a NULL pointer dereference whenever the allocation fails. The check tests the address of the…

Page 3 of 3