CVE-2026-33023

Name of the Vulnerable Software and Affected Versions libsixel versions prior to 1.8.7-r1

Description A use-after-free issue exists in the load with gdkpixbuf() function within loader.c when the software is built with the --with-gdk-pixbuf2 option. The problem occurs because the cleanup path manually frees the sixel frame t object and its internal buffers without checking the reference count, despite the object being created via the refcounted constructor sixel frame new(). Consequently, any callback that uses sixel frame ref(frame) to maintain a reference will be left with a dangling pointer after sixel helper load image file() returns. An attacker can trigger this by providing a crafted image to an application built with gdk-pixbuf2 support, which may lead to memory corruption, information disclosure, or code execution.

Recommendations Update to version 1.8.7-r1.