Libsixel · Libsixel · CVE-2026-44638
**Name of the Vulnerable Software and Affected Versions**
libsixel versions prior to 1.8.7-r2
**Description**
A NULL pointer dereference occurs in the `sixel_decode_raw()` and `sixel_decode()` functions due to an incorrect NULL check following an allocation call. The check validates the address of the output parameter rather than the value returned by `malloc()`. Consequently, if an allocation fails during a low-memory condition, the process attempts to write through a NULL pointer, leading to a crash and resulting in a denial of service for any caller of these public APIs.
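The check described above, reduced to a minimal sketch with the flawed form beside a corrected one. This is an added example, not libsixel's source: the function names, the `alloc_fn` hook and the status codes are hypothetical, and the flawed variant stops before the write so it can be run safely.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical names throughout; this is not libsixel code. */
enum { ALLOC_OK = 0, ALLOC_FAILED = -1 };
typedef void *(*alloc_fn)(size_t);

/* Simulates the low-memory condition: every allocation fails. */
void *failing_alloc(size_t n) { (void)n; return NULL; }

/* Flawed: tests the address of the out-parameter, not the allocation
 * result. A caller passing &buf never trips this check. */
int alloc_pixels_flawed(unsigned char **pixels, size_t n, alloc_fn alloc)
{
    *pixels = alloc(n);
    if (pixels == NULL)            /* wrong operand: should be *pixels */
        return ALLOC_FAILED;
    return ALLOC_OK;               /* a decoder would now write via *pixels */
}

/* Corrected: validate the out-parameter first, then the returned value. */
int alloc_pixels_fixed(unsigned char **pixels, size_t n, alloc_fn alloc)
{
    if (pixels == NULL)
        return ALLOC_FAILED;
    *pixels = alloc(n);
    if (*pixels == NULL)
        return ALLOC_FAILED;
    memset(*pixels, 0, n);         /* safe: allocation is known to be valid */
    return ALLOC_OK;
}

int main(void)
{
    unsigned char *buf = NULL;
    int rc = alloc_pixels_flawed(&buf, 64, failing_alloc);
    printf("flawed: rc=%d buf=%p\n", rc, (void *)buf);
    rc = alloc_pixels_fixed(&buf, 64, failing_alloc);
    printf("fixed:  rc=%d buf=%p\n", rc, (void *)buf);
    rc = alloc_pixels_fixed(&buf, 64, malloc);
    printf("fixed (malloc ok): rc=%d\n", rc);
    free(buf);
    return 0;
}
```

The flawed variant reports success while leaving the buffer pointer NULL, which is the state in which a subsequent write crashes the process.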
**Recommendations**
Update to version 1.8.7-r2.