CVE-2026-33019Out-of-bounds Read in Libsixel

CWE-125Out-of-bounds ReadCWE-190Integer Overflow or Wraparound5 documents4 sources
Severity
7.1HIGHNVD
EPSS
0.0%
top 97.90%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Saitoha Libsixel
Timeline
PublishedApr 14
Latest updateApr 15

Description

libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. Versions 1.8.7 and prior contain an integer overflow leading to an out-of-bounds heap read in the --crop option handling of img2sixel, where positive coordinates up to INT_MAX are accepted without overflow-safe bounds checking. In sixel_encoder_do_clip(), the expression clip_w + clip_x overflows to a large negative value when clip_x is INT_MAX, causing the bounds guard to be skipped entirely, and the unclamped coordin

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:HExploitability: 1.8 | Impact: 5.2

Affected Packages1 packages

CVEListV5saitoha/libsixel< 1.8.7-r1

🔴Vulnerability Details

1
CVEList
libsixel: Integer overflow leads to Out-of-bounds Read in img2sixel2026-04-14

📋Vendor Advisories

1
Red Hat
libsixel: libsixel: Denial of Service and Information Disclosure via integer overflow in crop option2026-04-14

💬Community

2
Bugzilla
CVE-2026-33019 libsixel: libsixel: Denial of Service and Information Disclosure via integer overflow in crop option [fedora-all]2026-04-15
Bugzilla
CVE-2026-33019 libsixel: libsixel: Denial of Service and Information Disclosure via integer overflow in crop option2026-04-14
CVE-2026-33019 — Out-of-bounds Read in Saitoha Libsixel | cvebase