Description
A vulnerability was found in saitoha libsixel up to 1.10.3. Affected by this issue is the function sixel_debug_print_palette of the file src/encoder.c of the component img2sixel. The manipulation results in stack-based buffer overflow. The attack must be initiated from a local position. The exploit has been made public and could be used. The patch is identified as 316c086e79d66b62c0c4bc66229ee894e4fdb7d1. Applying a patch is advised to resolve this issue.
References (7)
Core 7
Core References
Third Party Advisory, VDB Entry vdb-entry
technical-description
https://vuldb.com/?id.320905
Permissions Required, VDB Entry signature
permissions-required
https://vuldb.com/?ctiid.320905
Exploit, Third Party Advisory, VDB Entry third-party-advisory
https://vuldb.com/?submit.632366
Exploit, Issue Tracking issue-tracking
https://github.com/saitoha/libsixel/issues/200
Exploit, Issue Tracking issue-tracking
https://github.com/saitoha/libsixel/issues/200#issuecomment-3178785635
Scores
CVSS v3
5.3
EPSS
0.0004
EPSS Percentile
12.1%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-119
CWE-121
CWE-787
Status
published
Products (2)
libsixel_project/libsixel
< 1.10.3
saitoha/libsixel
< 1.8.7
Published
Aug 21, 2025
Tracked Since
Feb 18, 2026