LibSixel Heap Buffer Overflow Vulnerability in img2sixel Component

Vulnerability

A heap buffer overflow vulnerability has been identified in the LibSixel library, specifically in the img2sixel converter, versions 1.10.3 and prior. The issue arises in the 'sixel_debug_print_palette' function in 'src/encoder.c', where insufficient bounds checking allows an out-of-bounds read. The vulnerability is triggered by processing a malformed image file, leading to memory corruption and potentially arbitrary code execution.
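To illustrate the class of defect described above (a debug palette dump that trusts a caller-supplied color count and reads past the end of the heap buffer), here is an added example that is not LibSixel's code. It shows a hypothetical `debug_print_palette_checked` routine that clamps the number of entries to what the allocation actually holds before indexing into it. The palette layout (flat RGB triples), the constant `EXAMPLE_PALETTE_MAX`, and all function names are assumptions for this illustration; the sample palette in `main` is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed layout for this illustration (not libsixel's): the palette is a
 * flat byte array of RGB triples and the caller passes its size in bytes. */
#define EXAMPLE_PALETTE_MAX 256
#define EXAMPLE_BYTES_PER_ENTRY 3

/* Number of palette entries it is safe to print: never more than the
 * allocation holds, never more than the format allows, never negative. */
size_t safe_palette_count(size_t palette_bytes, int ncolors)
{
    if (ncolors < 0)
        return 0;
    size_t requested = (size_t)ncolors;
    size_t available = palette_bytes / EXAMPLE_BYTES_PER_ENTRY;
    if (requested > available)
        requested = available;           /* clamp to the buffer that exists */
    if (requested > EXAMPLE_PALETTE_MAX)
        requested = EXAMPLE_PALETTE_MAX; /* clamp to the format's maximum */
    return requested;
}

/* Hypothetical hardened debug dump: every index is bounded by
 * safe_palette_count(), so a malformed file that advertises more colors
 * than were allocated cannot drive the loop past the end of the heap
 * buffer. Returns the number of entries actually printed. */
size_t debug_print_palette_checked(const uint8_t *palette, size_t palette_bytes,
                                   int ncolors, FILE *out)
{
    if (palette == NULL)
        return 0;
    size_t n = safe_palette_count(palette_bytes, ncolors);
    for (size_t i = 0; i < n; i++) {
        const uint8_t *rgb = palette + i * EXAMPLE_BYTES_PER_ENTRY;
        if (out != NULL)
            fprintf(out, "%3zu: #%02x%02x%02x\n", i, rgb[0], rgb[1], rgb[2]);
    }
    return n;
}

/* Constructed scenario: a 2-entry palette (6 bytes) whose header claims
 * 16 colors, the kind of mismatch a malformed file presents. Returns how
 * many entries the checked routine is willing to touch. */
size_t demo_checked_count(void)
{
    uint8_t palette[6] = {0xff, 0x00, 0x00, 0x00, 0xff, 0x00};
    return debug_print_palette_checked(palette, sizeof palette, 16, NULL);
}

int main(void)
{
    uint8_t palette[6] = {0xff, 0x00, 0x00, 0x00, 0xff, 0x00};
    size_t printed = debug_print_palette_checked(palette, sizeof palette, 16, stdout);
    printf("printed %zu of 16 advertised entries\n", printed);
    return 0;
}
```

The defensive point is that the loop bound is derived from the size of the allocation, not from a count parsed out of the input; building with AddressSanitizer (as the reproduction section describes) is the quickest way to confirm that no read lands outside the buffer once such a clamp is in place.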

Impact

Exploitation of this vulnerability causes a heap-based buffer overflow, which can lead to memory corruption and potentially allow for arbitrary code execution.

Reproduction

The vulnerability can be reproduced by compiling LibSixel with AddressSanitizer enabled and running the 'img2sixel' converter with the options '--7bit-mode', '-8', '--invert', '--palette-type=auto' and '--verbose' on the crafted image file 'POC_img2sixel_heap_buffer_overflow'.

Remediation

Users are advised to update to the patched version of LibSixel, which is available in the official repository.

Added: Aug 21, 2025, 1:18 PM
Updated: Aug 21, 2025, 3:31 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 6.0
remediation: 7.7
relevance: 0.4
threat: 6.4
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these eight vulnerability categories, which are then combined into the overall risk score.