CVE-2026-44638
libsixel: NULL pointer dereference
CVSS Score
2.5
EPSS Score
0.0%
EPSS Percentile
0th
libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. From to 1.8.7-r1, a wrong NULL check after an allocation call in sixel_decode_raw and sixel_decode causes a NULL pointer dereference whenever the allocation fails. The check tests the address of the output parameter (always non-NULL) instead of the value the malloc returned. On allocation failure, the function continues and writes through a NULL pointer, crashing the process. This is a denial of service against any caller of these public APIs that hits a low-memory condition. This vulnerability is fixed in 1.8.7-r2.
| CWE | CWE-476 CWE-690 |
| Vendor | saitoha |
| Product | libsixel |
| Published | May 14, 2026 |
Stay Ahead of the Next One
Get instant alerts for saitoha libsixel
Be the first to know when new low vulnerabilities affecting saitoha libsixel are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L Attack Vector
Local
Attack Complexity
High
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
Low
Affected Versions
saitoha / libsixel
>= 1.0.0, < 1.8.7-r2