CVE-2020-21677
published 2021-08-10CVE-2020-21677: A heap-based buffer overflow in the sixel_encoder_output_without_macro function in encoder.c of Libsixel 1.8.4 allows attackers to cause a denial of service…
medium6.5CVSS 3.1
AVNACLPRNUIRSUCNINAH
A heap-based buffer overflow in the sixel_encoder_output_without_macro function in encoder.c of Libsixel 1.8.4 allows attackers to cause a denial of service (DOS) via converting a crafted PNG file into Sixel format.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libsixel | < libsixel 1.8.6-1 (bookworm) | libsixel 1.8.6-1 (bookworm) |
| libsixel_project | libsixel | >= 0 < 1.8.6-1 | 1.8.6-1 |
| libsixel_project | libsixel | >= 0 < 1.8.6-1 | 1.8.6-1 |
| libsixel_project | libsixel | >= 0 < 1.8.6-1 | 1.8.6-1 |
| libsixel_project | libsixel | >= 0 < 1.8.6-1 | 1.8.6-1 |
| saitoha | libsixel | — | — |
CVSS provenance
nvdv3.16.5MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
osv6.5MEDIUM