CVE-2026-44638

Published: Mag 14, 2026 Last Modified: Mag 15, 2026
ExploitDB:
Other exploit source:
Google Dorks:
LOW 2,5
Source: [email protected]
Attack Vector: local
Attack Complexity: high
Privileges Required: none
User Interaction: required
Scope: unchanged
Confidentiality: none
Integrity: none
Availability: low

Description

AI Translation Available

libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. From to 1.8.7-r1, a wrong NULL check after an allocation call in sixel_decode_raw and sixel_decode causes a NULL pointer dereference whenever the allocation fails. The check tests the address of the output parameter (always non-NULL) instead of the value the malloc returned. On allocation failure, the function continues and writes through a NULL pointer, crashing the process. This is a denial of service against any caller of these public APIs that hits a low-memory condition. This vulnerability is fixed in 1.8.7-r2.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score
0,0001
Percentile
0,0th
Updated

EPSS Score Trend (Last 6 Days)

476

NULL Pointer Dereference

Stable
Abstraction: Base Structure: Simple
Common Consequences
Security Scopes Affected:
Availability Integrity Confidentiality
Potential Impacts:
Dos: Crash, Exit, Or Restart Execute Unauthorized Code Or Commands Read Memory Modify Memory
Applicable Platforms
Languages: C, C++, Java, C#, Go
Likelihood of Exploit: Medium
View CWE Details
690

Unchecked Return Value to NULL Pointer Dereference

Draft
Abstraction: Compound Structure: Chain
Common Consequences
Security Scopes Affected:
Availability Integrity Confidentiality
Potential Impacts:
Dos: Crash, Exit, Or Restart Execute Unauthorized Code Or Commands Read Memory Modify Memory
Applicable Platforms
Languages: Memory-Unsafe, C, C++
View CWE Details
Application

Libsixel by Saitoha

Product Information
Vendor Saitoha
Product Libsixel
Version Range Affected
From 1.0.0 (inclusive)
To 1.8.7-r2 (exclusive)
cpe:2.3:a:saitoha:libsixel:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://github.com/saitoha/libsixel/security/advisories/GHS…
https://github.com/saitoha/libsixel/security/advisories/GHSA-wpx3-h5g8-qr3w
https://github.com/saitoha/libsixel/security/advisories/GHS…
https://github.com/saitoha/libsixel/security/advisories/GHSA-wpx3-h5g8-qr3w