PT-2026-32926 · Libsixel · Libsixel

Nicoppida · Published 2026-04-14 · Updated 2026-04-15 · CVE-2026-33019

CVSS v3.1: 7.1 (High)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
Name of the Vulnerable Software and Affected Versions: libsixel versions prior to 1.8.7-r1

Description: An integer overflow exists in the handling of the `--crop` option in img2sixel. When positive coordinates up to `INT_MAX` are provided, the `sixel_encoder_do_clip()` function fails to perform overflow-safe bounds checking. Specifically, the expression `clip_w + clip_x` can overflow to a large negative value if `clip_x` is `INT_MAX`, which bypasses the bounds guard. The unclamped coordinate is then passed through `sixel_frame_clip()` to `clip()`, which calculates a source pointer far beyond the image buffer and passes it to `memmove()`. An attacker can use a specially crafted crop argument with any valid image to trigger an out-of-bounds heap read, leading to a crash and potential information disclosure.

Recommendations: Update to version 1.8.7-r1.
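As an added illustration (not libsixel's code), the guard pattern the description refers to is shown beside an overflow-safe rewrite; the function names, the 640-pixel image width and the crop values are constructed for the example. The same reasoning applies to the y/height pair.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical stand-in for the guard described in the advisory (not
 * libsixel's code): it forms clip_x + clip_w and compares the sum with
 * the image width.  Signed overflow is undefined in C, so the wrap-around
 * that a two's-complement build produces is emulated here with unsigned
 * arithmetic to show the bypass deterministically. */
static bool clip_guard_unsafe(int img_w, int clip_x, int clip_w)
{
    if (clip_x < 0 || clip_w <= 0)
        return false;
    int end = (int)((unsigned)clip_x + (unsigned)clip_w); /* may wrap negative */
    return end <= img_w;   /* a wrapped, negative 'end' passes this test */
}

/* Overflow-safe form: never compute clip_x + clip_w.  Reject an origin
 * outside the image first, then compare the width against the room that
 * remains; both operands are non-negative ints, so nothing can overflow. */
static bool clip_guard_safe(int img_w, int clip_x, int clip_w)
{
    if (img_w < 0 || clip_x < 0 || clip_w <= 0)
        return false;
    if (clip_x >= img_w)
        return false;
    return clip_w <= img_w - clip_x;
}

int main(void)
{
    /* Constructed inputs: a 640-pixel-wide image and a crop whose x
     * origin is INT_MAX, the case the advisory describes. */
    const int img_w = 640;
    printf("x=%d w=1: unsafe guard %s, safe guard %s\n", INT_MAX,
           clip_guard_unsafe(img_w, INT_MAX, 1) ? "accepts" : "rejects",
           clip_guard_safe(img_w, INT_MAX, 1) ? "accepts" : "rejects");
    printf("x=100 w=200: unsafe guard %s, safe guard %s\n",
           clip_guard_unsafe(img_w, 100, 200) ? "accepts" : "rejects",
           clip_guard_safe(img_w, 100, 200) ? "accepts" : "rejects");
    return 0;
}
```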

Weakness Enumeration: Out-of-bounds Read; Integer Overflow

Related Identifiers: CVE-2026-33019

Affected Products: Libsixel