CVE-2019-3573Infinite Loop in Project Libsixel

CWE-835Infinite Loop5 documents5 sources
Severity
5.5MEDIUMNVD
EPSS
0.2%
top 62.41%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Libsixel Project Libsixel
Timeline
PublishedJan 2
Latest updateMay 13

Description

In libsixel v1.8.2, there is an infinite loop in the function sixel_decode_raw_impl() in the file fromsixel.c, as demonstrated by sixel2png.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

Debianlibsixel_project/libsixel< 1.8.2-2+3

🔴Vulnerability Details

3
GHSA
GHSA-c9j6-7rm4-w55j: In libsixel v12022-05-13
OSV
CVE-2019-3573: In libsixel v12019-01-02
CVEList
CVE-2019-3573: In libsixel v12019-01-02

📋Vendor Advisories

1
Debian
CVE-2019-3573: libsixel - In libsixel v1.8.2, there is an infinite loop in the function sixel_decode_raw_i...2019
CVE-2019-3573 — Infinite Loop in Project Libsixel | cvebase