CVE-2021-45340
published 2022-01-25CVE-2021-45340: In Libsixel prior to and including v1.10.3, a NULL pointer dereference in the stb_image.h component of libsixel allows attackers to cause a denial of service…
medium6.5CVSS 3.1
AVNACLPRNUIRSUCNINAH
In Libsixel prior to and including v1.10.3, a NULL pointer dereference in the stb_image.h component of libsixel allows attackers to cause a denial of service (DOS) via a crafted PICT file.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libsixel | < libsixel 1.10.5-1 (forky) | libsixel 1.10.5-1 (forky) |
| debian | libstb | < libsixel 1.10.5-1 (forky) | libsixel 1.10.5-1 (forky) |
| libsixel | libsixel | <= 1.10.3 | — |
| libsixel_project | libsixel | >= 0 < 1.10.5-1 | 1.10.5-1 |
| libsixel_project | libsixel | >= 0 < 1.10.5-1 | 1.10.5-1 |
CVSS provenance
nvdv3.16.5MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
osv6.5MEDIUM