CVE-2026-44637

Published: Mag 14, 2026 Last Modified: Mag 15, 2026
ExploitDB:
Other exploit source:
Google Dorks:
HIGH 7,1
Source: [email protected]
Attack Vector: local
Attack Complexity: low
Privileges Required: none
User Interaction: required
Scope: unchanged
Confidentiality: none
Integrity: high
Availability: high

Description

AI Translation Available

libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. From to 1.8.7-r1, a signed integer overflow in the SIXEL parser's image-buffer doubling loop can lead to an out-of-bounds heap write in sixel_decode_raw_impl. context->pos_x grows by repeat_count on every sixel character with no upper bound check. Once pos_x approaches INT_MAX, the expression 'pos_x + repeat_count' used to size the image buffer overflows signed int. Depending on how the overflow wraps, the resize check that should reject oversized buffers can be bypassed, after which a subsequent write computes a large attacker-influenced offset into image->data and writes past the allocation. Reachable from any caller that decodes attacker-supplied SIXEL data, including img2sixel. This vulnerability is fixed in 1.8.7-r2.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score
0,0001
Percentile
0,0th
Updated

EPSS Score Trend (Last 6 Days)

190

Integer Overflow or Wraparound

Stable
Abstraction: Base Structure: Simple
Common Consequences
Security Scopes Affected:
Availability Integrity Confidentiality Access Control Other
Potential Impacts:
Dos: Crash, Exit, Or Restart Dos: Resource Consumption (Memory) Dos: Instability Modify Memory Execute Unauthorized Code Or Commands Bypass Protection Mechanism Alter Execution Logic Dos: Resource Consumption (Cpu)
Applicable Platforms
Languages: Not Language-Specific, C
Likelihood of Exploit: Medium
View CWE Details
787

Out-of-bounds Write

Draft
Abstraction: Base Structure: Simple
Common Consequences
Security Scopes Affected:
Integrity Availability Other
Potential Impacts:
Modify Memory Execute Unauthorized Code Or Commands Dos: Crash, Exit, Or Restart Unexpected State
Applicable Platforms
Languages: Memory-Unsafe, C, C++, Assembly
Technologies: ICS/OT
Likelihood of Exploit: High
View CWE Details
Application

Libsixel by Saitoha

Product Information
Vendor Saitoha
Product Libsixel
Version Range Affected
From 0.11.0 (inclusive)
To 1.8.7-r2 (exclusive)
cpe:2.3:a:saitoha:libsixel:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://github.com/saitoha/libsixel/security/advisories/GHS…
https://github.com/saitoha/libsixel/security/advisories/GHSA-9jm7-77gr-qghv
https://github.com/saitoha/libsixel/security/advisories/GHS…
https://github.com/saitoha/libsixel/security/advisories/GHSA-9jm7-77gr-qghv