saitoha libsixel
cpe:2.3:a:libsixel_project:libsixel:*:*:*:*:*:*:*
- <= 1.8.7
A memory leak vulnerability has been identified in libsixel versions prior to 1.8.7. The issue arises in the malloc_stub.c component, where allocated memory is not properly reused or freed, leading to a direct leak of approximately 4500 bytes. This leak was detected using AddressSanitizer while processing certain image files with the 'img2sixel' converter.
Exploiting this vulnerability leaves allocated memory unreleased, potentially leading to increased memory usage and degraded performance over time.
The vulnerability can be reproduced by using the 'img2sixel' command-line tool with specific options that trigger the memory leak. The PoC file demonstrating this issue is available as part of the vulnerability report.
The memory leak has been fixed in the 'develop' branch of the libsixel repository, and will be included in the next release.