PT-2026-41032 · Libsixel · Libsixel
Saitoh · Published 2026-05-14 · Updated 2026-05-16 · CVE-2026-44636
CVSS v3.1: 7.8 High
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: libsixel versions prior to 1.8.7-r2
Description: A signed integer overflow exists in the allocation-size calculation of the sixel_encode_highcolor() function. The sixel_encode() entry point only verifies that width and height are greater than zero and enforces no upper bound on either. When these values are multiplied as plain int to compute the allocation size for the paletted-pixel and normalized-pixel buffers, a product exceeding INT_MAX (2,147,483,647) wraps, so the size handed to malloc() is smaller than the amount of data the encoder subsequently writes. The result is a heap buffer overflow when the encoder writes past the end of the undersized buffer.
Recommendations: Update to version 1.8.7-r2.
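The following C program is an added illustration of the bug class described above; it is not libsixel's code and not the project's fix. It models the width * height allocation-size computation the description refers to, shows the wrapped size malloc() would receive beside the number of bytes the encoder actually writes, and places a bounds-checked replacement next to it. The function names and the 65537 x 65536 dimensions are chosen here for the demonstration and do not come from the advisory.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Illustrative model of the pattern described in the advisory (not libsixel's
 * code): the entry point validates only width > 0 && height > 0, then the
 * allocation size is computed as a plain `int` product and passed to malloc(). */

/* Bytes the encoder will actually write for a one-byte-per-pixel buffer,
 * computed in 64-bit arithmetic so it cannot overflow for int inputs. */
static uint64_t bytes_needed(int width, int height)
{
    return (uint64_t)width * (uint64_t)height;
}

/* Size malloc() receives in the vulnerable pattern. A signed `int` multiply that
 * overflows is undefined behaviour, so the wrap is reproduced with unsigned
 * arithmetic and memcpy, which yields the same bit pattern a two's-complement
 * machine produces for `width * height`. The int is then widened to size_t
 * exactly as happens in `malloc(width * height)`. */
static size_t vulnerable_alloc_size(int width, int height)
{
    uint32_t product_bits = (uint32_t)width * (uint32_t)height; /* mod 2^32 */
    int32_t as_int;
    memcpy(&as_int, &product_bits, sizeof as_int);
    return (size_t)as_int;
}

/* Hardened replacement: reject non-positive dimensions and any product that does
 * not fit in int (the encoder indexes pixels with int, so INT_MAX is the bound
 * that matters). The division form never computes an overflowing product.
 * Returns 0 on success with the byte count in *out, -1 on rejection. */
static int checked_alloc_size(int width, int height, size_t *out)
{
    if (width <= 0 || height <= 0)
        return -1;
    if (width > INT_MAX / height)
        return -1;
    *out = (size_t)width * (size_t)height;
    return 0;
}

/* 1 if the vulnerable computation allocates fewer bytes than the encoder writes,
 * i.e. the heap buffer would be overrun; 0 otherwise. */
static int vulnerable_would_overflow(int width, int height)
{
    return (uint64_t)vulnerable_alloc_size(width, height) < bytes_needed(width, height);
}

int main(void)
{
    /* 65537 * 65536 = 2^32 + 65536 wraps to a small positive int, so malloc()
     * succeeds with a 64 KiB buffer while the encoder writes about 4 GiB. */
    int w = 65537, h = 65536;
    size_t n = 0;

    printf("vulnerable: malloc(%zu) for %llu bytes of pixel data, overflow=%d\n",
           vulnerable_alloc_size(w, h),
           (unsigned long long)bytes_needed(w, h),
           vulnerable_would_overflow(w, h));
    printf("checked:    %dx%d %s\n", w, h,
           checked_alloc_size(w, h, &n) == 0 ? "accepted" : "rejected");

    w = 1920; h = 1080;
    if (checked_alloc_size(w, h, &n) == 0)
        printf("checked:    %dx%d accepted, %zu bytes\n", w, h, n);
    return 0;
}
```

Note that dimensions whose product wraps to a negative int (for example 65536 x 32768) become an enormous size_t and make malloc() fail, which is a different failure mode from the one that matters here: the dangerous inputs are those whose product wraps to a small positive value, because the allocation succeeds and the encoder's writes then run off the end of it.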


Weakness types: Heap-Based Buffer Overflow, Integer Overflow


Related Identifiers: CVE-2026-44636
Affected Products: Libsixel