Description
A vulnerability was found in saitoha libsixel up to 1.10.3. It affects the function sixel_debug_print_palette in the file src/encoder.c of the component img2sixel. The manipulation results in a stack-based buffer overflow. The attack must be initiated from a local position. The exploit has been made public and could be used. The patch is identified as 316c086e79d66b62c0c4bc66229ee894e4fdb7d1. Applying the patch is advised to resolve this issue.
Problem types
Product status
1.10.1
1.10.2
1.10.3
Timeline
2025-08-21: Advisory disclosed
2025-08-21: VulDB entry created
2025-08-21: VulDB entry last update
Credits
xdcao (VulDB User)
References
vuldb.com/?id.320905 (VDB-320905 | saitoha libsixel img2sixel encoder.c sixel_debug_print_palette stack-based overflow)
vuldb.com/?ctiid.320905 (VDB-320905 | CTI Indicators (IOB, IOC, IOA))
vuldb.com/?submit.632366 (Submit #632366 | LibSixel img2sixel LibSixel version 1.10.3 (commit 6dd664c) compiled on Aug 2 2025 and the newest master version. Heap Buffer Overflow)
github.com/saitoha/libsixel/issues/200
drive.google.com/...ZcySqeoqXXhsxd0HZCjClJ7/view?usp=sharing
github.com/...ommit/316c086e79d66b62c0c4bc66229ee894e4fdb7d1