PT-2026-32925 · Libsixel · Libsixel

Nicoppida · Published 2026-04-14 · Updated 2026-04-15 · CVE-2026-33018

CVSS v3.1: 7.0 (High)

Vector: AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: libsixel versions prior to 1.8.7-r1

Description: A Use-After-Free issue exists in the `load_gif()` function within `fromgif.c`. This occurs because a single `sixel_frame_t` object is reused across all frames of an animated GIF, and the `gif_init_frame()` function frees and reallocates `frame->pixels` between frames without checking the object's reference count. Applications using `sixel_helper_load_image_file()` with a multi-frame callback to process user-supplied animated GIFs are affected. This can lead to a heap use-after-free when a callback uses `sixel_frame_ref()` to retain a frame and `sixel_frame_get_pixels()` to access the raw pixel buffer, resulting in a dangling pointer after the second frame is decoded. This may cause a crash or potential code execution.

Recommendations: Update to version 1.8.7-r1.
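
An added example, not libsixel code and not part of the advisory: a self-contained C model of the buffer lifetime described above, with a multi-frame callback that copies the pixel data while it is still valid instead of keeping the decoder's pointer. All names (`model_frame_t`, `model_decode`, `keep_copy_cb`, `snapshots_t`) are hypothetical stand-ins, and the model assumes the buffer is valid for the duration of each callback.

```c
#include <stdlib.h>
#include <string.h>

/* Stand-in for a decoder frame object (hypothetical, not libsixel's struct). */
typedef struct { int ref; unsigned char *pixels; size_t size; } model_frame_t;
typedef int (*model_frame_cb)(model_frame_t *frame, void *ctx);

/* Mirrors the described flaw: one frame object serves every GIF frame, and
 * the pixel buffer is freed and reallocated without looking at frame.ref. */
static int model_decode(const unsigned char *fills, size_t nframes, size_t size,
                        model_frame_cb cb, void *ctx) {
    model_frame_t frame = { 1, NULL, size };
    int rc = 0;
    for (size_t i = 0; i < nframes && rc == 0; i++) {
        free(frame.pixels);               /* previous frame's buffer is gone */
        frame.pixels = malloc(size);
        if (frame.pixels == NULL) return -1;
        memset(frame.pixels, fills[i], size);
        rc = cb(&frame, ctx);
    }
    free(frame.pixels);
    return rc;
}

/* Caller-owned snapshots: the callback keeps copies, never decoder pointers. */
typedef struct { unsigned char *copy[8]; size_t size[8]; size_t count; } snapshots_t;

static int keep_copy_cb(model_frame_t *frame, void *ctx) {
    snapshots_t *s = ctx;
    if (s->count >= 8) return -1;         /* bounded retention of frames */
    unsigned char *dup = malloc(frame->size);
    if (dup == NULL) return -1;
    memcpy(dup, frame->pixels, frame->size);  /* valid only during callback */
    s->copy[s->count] = dup;
    s->size[s->count] = frame->size;
    s->count++;
    return 0;
}

/* Decode a constructed 3-frame animation; return 1 if every snapshot still
 * holds its own frame's bytes after the decoder has recycled its buffer. */
static int snapshots_survive(void) {
    const unsigned char fills[3] = { 0x11, 0x22, 0x33 };  /* constructed input */
    snapshots_t s = { {0}, {0}, 0 };
    int ok = model_decode(fills, 3, 64, keep_copy_cb, &s) == 0 && s.count == 3;
    for (size_t i = 0; i < s.count; i++) {
        ok = ok && s.copy[i][0] == fills[i] && s.copy[i][63] == fills[i];
        free(s.copy[i]);
    }
    return ok;
}
```

Building a consumer like this with AddressSanitizer (`-fsanitize=address`) is a quick way to confirm that no retained pointer outlives the frame it came from.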

Fix

Use After Free

Weakness Enumeration

Related Identifiers: CVE-2026-33018

Affected Products: Libsixel