Upstream information
Description
libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. Up to and including 1.8.7-r1, a wrong NULL check after an allocation call in sixel_decode_raw and sixel_decode causes a NULL pointer dereference whenever the allocation fails. The check tests the address of the output parameter, which is always non-NULL, instead of the pointer that malloc returned, so a failed allocation is never detected. The function continues and writes through the NULL pointer, crashing the process. This is a denial of service against any caller of these public APIs that hits a low-memory condition. This vulnerability is fixed in 1.8.7-r2.

SUSE information
Overall state of this security issue: Revisit
This issue is currently not rated by SUSE because it does not affect the SUSE Enterprise products.
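The check pattern named in the upstream description, shown as an added example; this is not libsixel code and not SUSE's, and the function and variable names are hypothetical. It uses a toy run-length decoder with the same shape as the affected functions (compute the output size, allocate, check, write), with the wrong check beside the corrected one, and a malloc hook so the allocation failure can be forced instead of waiting for a real low-memory condition:

```c
#include <stdlib.h>
#include <string.h>

/* Allocator hook (hypothetical, not libsixel's) so a low-memory condition can
 * be simulated on demand instead of by exhausting memory. */
static int g_fail_next_alloc = 0;

static void *hooked_malloc(size_t n)
{
    if (g_fail_next_alloc) {
        g_fail_next_alloc = 0;
        return NULL;
    }
    return malloc(n);
}

enum dec_status { DEC_OK = 0, DEC_BAD_INPUT = -1, DEC_BAD_ALLOC = -2 };

/* Output size of a run-length stream of (run, value) byte pairs. Returns -1 on
 * malformed or empty input; rejecting an empty result sidesteps malloc(0). */
static long rle_output_size(const unsigned char *in, size_t len)
{
    long total = 0;
    if (len == 0 || len % 2 != 0)
        return -1;
    for (size_t i = 0; i < len; i += 2)
        total += in[i];
    return total > 0 ? total : -1;
}

/* The wrong check described in the advisory: `pixels` is the address of the
 * caller's out-parameter and is never NULL, so the branch is never taken and a
 * failed allocation leaves *pixels == NULL to be written through in the loop.
 * Calling this with g_fail_next_alloc set crashes, as the real bug does. */
static int rle_decode_buggy(const unsigned char *in, size_t len,
                            unsigned char **pixels, size_t *npixels)
{
    long size = rle_output_size(in, len);
    if (size < 0)
        return DEC_BAD_INPUT;
    *pixels = hooked_malloc((size_t)size);
    if (pixels == NULL)                 /* BUG: should test *pixels */
        return DEC_BAD_ALLOC;
    size_t o = 0;
    for (size_t i = 0; i < len; i += 2)
        for (unsigned char r = 0; r < in[i]; r++)
            (*pixels)[o++] = in[i + 1]; /* NULL dereference after a failed malloc */
    *npixels = (size_t)size;
    return DEC_OK;
}

/* Corrected check: test the pointer malloc returned, and only publish the
 * buffer to the caller once it is known to be valid. */
static int rle_decode_fixed(const unsigned char *in, size_t len,
                            unsigned char **pixels, size_t *npixels)
{
    long size = rle_output_size(in, len);
    if (size < 0)
        return DEC_BAD_INPUT;
    unsigned char *buf = hooked_malloc((size_t)size);
    if (buf == NULL) {
        *pixels = NULL;
        *npixels = 0;
        return DEC_BAD_ALLOC;
    }
    size_t o = 0;
    for (size_t i = 0; i < len; i += 2)
        for (unsigned char r = 0; r < in[i]; r++)
            buf[o++] = in[i + 1];
    *pixels = buf;
    *npixels = (size_t)size;
    return DEC_OK;
}

/* Constructed input: three 'a' bytes followed by two 'b' bytes. */
static const unsigned char SAMPLE[] = { 3, 'a', 2, 'b' };

/* Returns 1 if the fixed decoder produces "aaabb" on the normal path. */
static int demo_fixed_success(void)
{
    unsigned char *px = NULL;
    size_t n = 0;
    int ok = rle_decode_fixed(SAMPLE, sizeof SAMPLE, &px, &n) == DEC_OK
          && n == 5 && memcmp(px, "aaabb", 5) == 0;
    free(px);
    return ok;
}

/* Returns 1 if the fixed decoder reports a failed allocation and leaves
 * *pixels NULL instead of writing through it. */
static int demo_fixed_alloc_failure(void)
{
    unsigned char *px = (unsigned char *)0x1; /* poison: must be cleared */
    size_t n = 99;
    g_fail_next_alloc = 1;
    int rc = rle_decode_fixed(SAMPLE, sizeof SAMPLE, &px, &n);
    return rc == DEC_BAD_ALLOC && px == NULL && n == 0;
}

/* Returns 1 if the buggy condition lets a NULL allocation through; evaluated
 * on its own so nothing is dereferenced. */
static int buggy_check_lets_null_through(void)
{
    unsigned char *p = NULL;        /* what *pixels holds after a failed malloc */
    unsigned char **pixels = &p;
    return pixels != NULL;          /* always true: the advisory's wrong test */
}

int main(void)
{
    unsigned char *px = NULL;
    size_t n = 0;
    /* The buggy version works on the success path, which is why the bug hides. */
    int rc = rle_decode_buggy(SAMPLE, sizeof SAMPLE, &px, &n);
    free(px);
    return (rc == DEC_OK && demo_fixed_success() && demo_fixed_alloc_failure()
            && buggy_check_lets_null_through()) ? 0 : 1;
}
```

The buggy decoder is exercised only on the success path, since on the failure path it faults exactly as the advisory describes; the isolated check in buggy_check_lets_null_through shows why without dereferencing anything. Allocation-failure branches are rarely reached by ordinary tests, so a hook like hooked_malloc (or a failure-injecting allocator) is the practical way to confirm that a decoder reports DEC_BAD_ALLOC and leaves the out-parameter NULL rather than crashing.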
| CVSS detail | CNA (GitHub) | National Vulnerability Database | SUSE |
|---|---|---|---|
| Base Score | 2.5 | 2.5 | 2.5 |
| Vector | CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L | CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L | CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L |
| Attack Vector | Local | Local | Local |
| Attack Complexity | High | High | High |
| Privileges Required | None | None | None |
| User Interaction | Required | Required | Required |
| Scope | Unchanged | Unchanged | Unchanged |
| Confidentiality Impact | None | None | None |
| Integrity Impact | None | None | None |
| Availability Impact | Low | Low | Low |
| CVSSv3 Version | 3.1 | 3.1 | 3.1 |
SUSE Timeline for this CVE
CVE page created: Fri May 15 00:08:41 2026
CVE page last modified: Sat May 16 11:26:28 2026