Hayaki Saito

16 exploits Active since Sep 2021
CVE-2020-21048 WRITEUP MEDIUM WRITEUP
libsixel < 1.8.4 - Denial of Service via Crafted PNG File
An issue in the dither.c component of libsixel prior to v1.8.4 allows attackers to cause a denial of service (DOS) via a crafted PNG file.
CVSS 6.5
CVE-2020-21049 WRITEUP MEDIUM WRITEUP
libsixel < 1.8.5 - Denial of Service via Crafted PSD File
An invalid read in the stb_image.h component of libsixel prior to v1.8.5 allows attackers to cause a denial of service (DOS) via a crafted PSD file.
CVSS 6.5
CVE-2020-21050 WRITEUP MEDIUM WRITEUP
libsixel < 1.8.3 - Stack Buffer Overflow in gif_process_raster Function
Libsixel prior to v1.8.3 contains a stack buffer overflow in the function gif_process_raster at fromgif.c.
CVSS 6.5
CVE-2023-45663 WRITEUP MEDIUM WRITEUP
stb_image.h - Use of Uninitialized Resource in stbi__getn Return Value Handling
stb_image is a single file MIT licensed library for processing images. The stbi__getn function reads a specified number of bytes from context (typically a file) into the specified buffer. In case the file stream points to the end, it returns zero. There are two places where its return value is not checked: In the `stbi__hdr_load` function and in the `stbi__tga_load` function. The latter of the two is likely more exploitable as an attacker may also control the size of an uninitialized buffer.
CVSS 5.3
CVE-2023-45661 WRITEUP MEDIUM WRITEUP
stb_image.h - Out-of-bounds Read in stbi__gif_load_next
stb_image is a single file MIT licensed library for processing images. A crafted image file may trigger out of bounds memcpy read in `stbi__gif_load_next`. This happens because two_back points to a memory address lower than the start of the buffer out. This issue may be used to leak internal memory allocation information.
CVSS 6.5
CVE-2023-45666 WRITEUP HIGH WRITEUP
stb_image.h - Double Free in stbi__load_gif_main
stb_image is a single file MIT licensed library for processing images. It may look like `stbi__load_gif_main` doesn’t give guarantees about the content of output value `*delays` upon failure. Although it sets `*delays` to zero at the beginning, it doesn’t do it in case the image is not recognized as GIF and a call to `stbi__load_gif_main_outofmem` only frees possibly allocated memory in `*delays` without resetting it to zero. Thus it would be fair to say the caller of `stbi__load_gif_main` is responsible to free the allocated memory in `*delays` only if `stbi__load_gif_main` returns a non null value. However at the same time the function may return null value, but fail to free the memory in `*delays` if internally `stbi__convert_format` is called and fails. Thus the issue may lead to a memory leak if the caller chooses to free `delays` only when `stbi__load_gif_main` didn’t fail or to a double-free if the `delays` is always freed
CVSS 7.3
CVE-2025-61146 WRITEUP MEDIUM WRITEUP
saitoha libsixel <1.8.7 - Memory Corruption
saitoha libsixel until v1.8.7 was discovered to contain a memory leak via the component malloc_stub.c.
CVSS 4.0
CVE-2020-21048 WRITEUP MEDIUM WRITEUP
libsixel < 1.8.4 - Denial of Service via Crafted PNG File
An issue in the dither.c component of libsixel prior to v1.8.4 allows attackers to cause a denial of service (DOS) via a crafted PNG file.
CVSS 6.5
CVE-2020-21049 WRITEUP MEDIUM WRITEUP
libsixel < 1.8.5 - Denial of Service via Crafted PSD File
An invalid read in the stb_image.h component of libsixel prior to v1.8.5 allows attackers to cause a denial of service (DOS) via a crafted PSD file.
CVSS 6.5
CVE-2020-21050 WRITEUP MEDIUM WRITEUP
libsixel < 1.8.3 - Stack Buffer Overflow in gif_process_raster Function
Libsixel prior to v1.8.3 contains a stack buffer overflow in the function gif_process_raster at fromgif.c.
CVSS 6.5
CVE-2023-45661 WRITEUP MEDIUM WRITEUP
stb_image.h - Out-of-bounds Read in stbi__gif_load_next
stb_image is a single file MIT licensed library for processing images. A crafted image file may trigger out of bounds memcpy read in `stbi__gif_load_next`. This happens because two_back points to a memory address lower than the start of the buffer out. This issue may be used to leak internal memory allocation information.
CVSS 6.5
CVE-2023-45663 WRITEUP MEDIUM WRITEUP
stb_image.h - Use of Uninitialized Resource in stbi__getn Return Value Handling
stb_image is a single file MIT licensed library for processing images. The stbi__getn function reads a specified number of bytes from context (typically a file) into the specified buffer. In case the file stream points to the end, it returns zero. There are two places where its return value is not checked: In the `stbi__hdr_load` function and in the `stbi__tga_load` function. The latter of the two is likely more exploitable as an attacker may also control the size of an uninitialized buffer.
CVSS 5.3
CVE-2023-45664 WRITEUP HIGH WRITEUP
stb_image.h - Double Free in stbi__load_gif_main_outofmem
stb_image is a single file MIT licensed library for processing images. A crafted image file can trigger `stbi__load_gif_main_outofmem` attempt to double-free the out variable. This happens in `stbi__load_gif_main` because when the `layers * stride` value is zero the behavior is implementation defined, but common that realloc frees the old memory and returns null pointer. Since it attempts to double-free the memory a few lines below the first “free”, the issue can be potentially exploited only in a multi-threaded environment. In the worst case this may lead to code execution.
CVSS 7.3
CVE-2023-45666 WRITEUP HIGH WRITEUP
stb_image.h - Double Free in stbi__load_gif_main
stb_image is a single file MIT licensed library for processing images. It may look like `stbi__load_gif_main` doesn’t give guarantees about the content of output value `*delays` upon failure. Although it sets `*delays` to zero at the beginning, it doesn’t do it in case the image is not recognized as GIF and a call to `stbi__load_gif_main_outofmem` only frees possibly allocated memory in `*delays` without resetting it to zero. Thus it would be fair to say the caller of `stbi__load_gif_main` is responsible to free the allocated memory in `*delays` only if `stbi__load_gif_main` returns a non null value. However at the same time the function may return null value, but fail to free the memory in `*delays` if internally `stbi__convert_format` is called and fails. Thus the issue may lead to a memory leak if the caller chooses to free `delays` only when `stbi__load_gif_main` didn’t fail or to a double-free if the `delays` is always freed
CVSS 7.3
CVE-2023-45667 WRITEUP MEDIUM WRITEUP
stb_image.h - Null Pointer Dereference in stbi__vertical_flip_slices
stb_image is a single file MIT licensed library for processing images. If `stbi__load_gif_main` in `stbi_load_gif_from_memory` fails it returns a null pointer and may keep the `z` variable uninitialized. In case the caller also sets the flip vertically flag, it continues and calls `stbi__vertical_flip_slices` with the null pointer result value and the uninitialized `z` value. This may result in a program crash.
CVSS 5.3
CVE-2025-9300 WRITEUP MEDIUM WRITEUP
saitoha libsixel <1.10.3 - Buffer Overflow
A vulnerability was found in saitoha libsixel up to 1.10.3. Affected by this issue is the function sixel_debug_print_palette of the file src/encoder.c of the component img2sixel. The manipulation results in stack-based buffer overflow. The attack must be initiated from a local position. The exploit has been made public and could be used. The patch is identified as 316c086e79d66b62c0c4bc66229ee894e4fdb7d1. Applying a patch is advised to resolve this issue.
CVSS 5.3