PT-2026-32951 · Libsixel · Libsixel

Nicoppida · Published 2026-04-14 · Updated 2026-04-23 · CVE-2026-33021
CVSS v3.1: 7.3 (High)
Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
Name of the Vulnerable Software and Affected Versions: libsixel versions prior to 1.8.7-r1
Description: A use-after-free issue exists in the sixel encoder's sixel_encoder_encode_bytes() function. sixel_frame_init() stores the caller-owned pixel buffer pointer directly in frame->pixels without making a defensive copy. When a resize occurs, sixel_frame_convert_to_rgb888() frees this caller-owned buffer and replaces it with a new internal allocation, leaving the caller holding a dangling pointer. Any subsequent access to the original buffer by the caller can cause a crash or potentially lead to code execution. An attacker who controls the incoming frames can trigger this condition repeatedly.
Recommendations: Update to version 1.8.7-r1.
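The ownership mistake behind this CVE is easier to see in a small model than in the encoder itself. The block below is an added illustration, not libsixel's code: frame_t, frame_init_vuln()/frame_init_safe() and frame_to_rgb888_vuln()/frame_to_rgb888_safe() are invented stand-ins for sixel_frame_init() and sixel_frame_convert_to_rgb888(), and the pixel values are constructed sample data. The vulnerable pair aliases the caller's buffer and then frees it during conversion; the hardened pair copies on init and frees only memory the frame allocated itself, tracked by an ownership flag. A free() wrapper records the freed address as an integer so the dangling condition can be observed without dereferencing freed memory.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Model of the ownership bug described above. NOT libsixel's code: names are
 * invented stand-ins for sixel_frame_init() / sixel_frame_convert_to_rgb888(). */
typedef struct {
    unsigned char *pixels;  /* 1 byte/pixel on input, 3 bytes/pixel after conversion */
    size_t npixels;
    int owns_pixels;        /* hardened variant: nonzero if the frame allocated pixels */
} frame_t;

/* Instrumentation: remember the last address handed to free() as an integer so a
 * test can observe "the caller's buffer was freed" without touching that memory. */
static uintptr_t last_freed;
static void tracked_free(void *p) { last_freed = (uintptr_t)p; free(p); }

/* Expand a 1-byte-per-pixel buffer to RGB888 with R=G=B=value. */
static unsigned char *expand_rgb888(const unsigned char *src, size_t n) {
    unsigned char *dst = malloc(n * 3);
    if (dst == NULL) return NULL;
    for (size_t i = 0; i < n; i++)
        dst[3 * i] = dst[3 * i + 1] = dst[3 * i + 2] = src[i];
    return dst;
}

/* Vulnerable pattern: init aliases the caller's buffer, convert frees it. */
static void frame_init_vuln(frame_t *f, unsigned char *pixels, size_t n) {
    f->pixels = pixels;   /* no defensive copy: frame points into caller memory */
    f->npixels = n;
    f->owns_pixels = 0;   /* not consulted by this variant */
}

static int frame_to_rgb888_vuln(frame_t *f) {
    unsigned char *rgb = expand_rgb888(f->pixels, f->npixels);
    if (rgb == NULL) return -1;
    tracked_free(f->pixels);  /* releases caller-owned memory: the caller now dangles */
    f->pixels = rgb;
    return 0;
}

/* Hardened pattern: copy on init, free only memory the frame itself allocated. */
static int frame_init_safe(frame_t *f, const unsigned char *pixels, size_t n) {
    f->pixels = NULL; f->npixels = 0; f->owns_pixels = 0;
    f->pixels = malloc(n);
    if (f->pixels == NULL) return -1;
    memcpy(f->pixels, pixels, n);
    f->npixels = n;
    f->owns_pixels = 1;
    return 0;
}

static int frame_to_rgb888_safe(frame_t *f) {
    unsigned char *rgb = expand_rgb888(f->pixels, f->npixels);
    if (rgb == NULL) return -1;
    if (f->owns_pixels) tracked_free(f->pixels);  /* never the caller's buffer */
    f->pixels = rgb;
    f->owns_pixels = 1;
    return 0;
}

static void frame_release(frame_t *f) {
    if (f->owns_pixels) free(f->pixels);
    f->pixels = NULL;
    f->owns_pixels = 0;
}

/* Run one init+convert cycle over a caller-owned heap buffer (constructed data).
 * Returns 1 if convert freed the caller's buffer (the advisory's dangling-pointer
 * condition), 0 if the caller's buffer survived, -1 on allocation failure. */
int convert_frees_caller_buffer(int use_safe) {
    const unsigned char sample[4] = { 0x00, 0x7f, 0x80, 0xff };
    unsigned char *mine = malloc(sizeof sample);
    if (mine == NULL) return -1;
    memcpy(mine, sample, sizeof sample);
    uintptr_t mine_addr = (uintptr_t)mine;
    last_freed = 0;
    frame_t f = {0};
    if (use_safe) {
        int rc = (frame_init_safe(&f, mine, sizeof sample) == 0 &&
                  frame_to_rgb888_safe(&f) == 0) ? 0 : -1;
        frame_release(&f);
        free(mine);             /* caller still owns its buffer in the hardened design */
        if (rc != 0) return -1;
    } else {
        frame_init_vuln(&f, mine, sizeof sample);
        if (frame_to_rgb888_vuln(&f) != 0) { free(mine); return -1; }
        free(f.pixels);         /* internal RGB buffer; 'mine' was already freed by convert */
    }
    return last_freed == mine_addr;
}

/* Hardened path: caller data is untouched and the RGB expansion is correct. */
int safe_convert_preserves_caller_data(void) {
    const unsigned char sample[3] = { 0x10, 0x20, 0x30 };
    const unsigned char expect[9] = { 0x10,0x10,0x10, 0x20,0x20,0x20, 0x30,0x30,0x30 };
    unsigned char mine[3];
    memcpy(mine, sample, 3);
    frame_t f = {0};
    if (frame_init_safe(&f, mine, 3) != 0 || frame_to_rgb888_safe(&f) != 0) return 0;
    int ok = memcmp(mine, sample, 3) == 0 && memcmp(f.pixels, expect, 9) == 0;
    frame_release(&f);
    return ok;
}

int main(void) {
    printf("vulnerable: convert freed caller buffer = %d\n", convert_frees_caller_buffer(0));
    printf("hardened:   convert freed caller buffer = %d\n", convert_frees_caller_buffer(1));
    printf("hardened:   caller data preserved       = %d\n", safe_convert_preserves_caller_data());
    return 0;
}
```

The model deliberately never dereferences the caller's pointer after the vulnerable conversion; in real code that read or write is where AddressSanitizer reports heap-use-after-free. Either remedy shown (copying on init, or an explicit ownership flag consulted before every free) closes the bug; the fixed version should be reviewed for whichever the project chose, and for any remaining path that frees frame->pixels without checking who allocated it.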

Fix

Use After Free


Weakness Enumeration
Related Identifiers: CVE-2026-33021
Affected Products: Libsixel