CVE-2021-45340 — NULL Pointer Dereference in Project Libsixel

CWE-476 — NULL Pointer Dereference5 documents5 sources

Severity

6.5MEDIUMNVD

EPSS

0.1%

top 65.00%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Libsixel Project Libsixel

Timeline

PublishedJan 25

Latest updateJan 26

Description

In Libsixel prior to and including v1.10.3, a NULL pointer dereference in the stb_image.h component of libsixel allows attackers to cause a denial of service (DOS) via a crafted PICT file.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶Debianlibsixel_project/libsixel< 1.10.5-1+1

▶NVDlibsixel_project/libsixel1.10.3

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-7xr9-9g9p-xmfp: In Libsixel prior to and including v1↗2022-01-26

▶

OSV

CVE-2021-45340: In Libsixel prior to and including v1↗2022-01-25

▶

CVEList

CVE-2021-45340: In Libsixel prior to and including v1↗2022-01-25

▶

📋Vendor Advisories

Debian

CVE-2021-45340: libsixel - In Libsixel prior to and including v1.10.3, a NULL pointer dereference in the st...↗2021

▶