Package libsixel updated to version 1.10.3-alt1 for branch p10 in task 317774.

Published: 2020-04-12
Modified: 2024-11-21

CVE-2020-11721

load_png in loader.c in libsixel.a in libsixel 1.8.6 has an uninitialized pointer leading to an invalid call to free, which can cause a denial of service.

Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

https://github.com/saitoha/libsixel/issues/134
https://github.com/saitoha/libsixel/issues/134

Published: 2020-11-20
Modified: 2024-11-21

CVE-2020-19668

Unverified indexs into the array lead to out of bound access in the gif_out_code function in fromgif.c in libsixel 1.8.6.

Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

https://github.com/saitoha/libsixel/issues/136
https://github.com/saitoha/libsixel/issues/136

Published: 2022-04-08
Modified: 2024-11-21

CVE-2021-40656

libsixel before 1.10 is vulnerable to Buffer Overflow in libsixel/src/quant.c:867.

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

https://github.com/libsixel/libsixel/issues/25
https://github.com/libsixel/libsixel/issues/25

Version: 2.1.0

Package libsixel update in p10 on 2023-04-07

ALT-PU-2023-1591-1

Closed vulnerabilities

CVE-2020-11721

CVE-2020-19668

CVE-2021-40656