CVE-2026-33018— libsixel: Use-After-Free in load_gif()
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-33018
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
libsixel: Use-After-Free in load_gif()
Source: NVD (National Vulnerability Database)
Vulnerability Description
libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. Versions 1.8.7 and prior contain a Use-After-Free vulnerability via the load_gif() function in fromgif.c, where a single sixel_frame_t object is reused across all frames of an animated GIF and gif_init_frame() unconditionally frees and reallocates frame->pixels between frames without consulting the object's reference count. Because the public API explicitly provides sixel_frame_ref() to retain a frame and sixel_frame_get_pixels() to access the raw pixel buffer, a callback following this documented usage pattern will hold a dangling pointer after the second frame is decoded, resulting in a heap use-after-free confirmed by ASAN. Any application using sixel_helper_load_image_file() with a multi-frame callback to process user-supplied animated GIFs is affected, with a reliable crash as the minimum impact and potential for code execution. This issue has been fixed in version 1.8.7-r1.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
释放后使用
Source: NVD (National Vulnerability Database)
Vulnerability Title
libsixel 资源管理错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
libsixel是Hayaki Saito个人开发者的一个为DEC SIXEL图形和其他转换器程序提供编码/解码实现的软件包。 libsixel 1.8.7及之前版本存在资源管理错误漏洞,该漏洞源于load_gif函数存在释放后重用问题,可能导致处理用户提供的动画GIF时发生堆释放后重用,造成崩溃或代码执行。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-33018
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-33018
请登录查看更多情报信息。
- Use-After-Free in load_gif() · Advisory · saitoha/libsixel · GitHubx_refsource_CONFIRM
- https://nvd.nist.gov/vuln/detail/CVE-2026-33018
Same Patch Batch · saitoha · 2026-04-14 · 5 CVEs total
| CVE-2026-33023 | 7.8 HIGH | libsixel: Use-after-free in load_with_gdkpixbuf() |
| CVE-2026-33021 | 7.3 HIGH | libsixel: Use-after-free in sixel_encoder_encode_bytes() |
| CVE-2026-33019 | 7.1 HIGH | libsixel: Integer overflow leads to Out-of-bounds Read in img2sixel |
| CVE-2026-33020 | 7.1 HIGH | libsixel: Integer Overflow in write_png_to_file() leads to Heap-based Buffer Overflow |
IV. Related Vulnerabilities
Same product: libsixel
- CVE-2026-33023
libsixel: Use-after-free in load_with_gdkpixbuf() - CVE-2026-33021
libsixel: Use-after-free in sixel_encoder_encode_bytes() - CVE-2026-33020
libsixel: Integer Overflow in write_png_to_file() leads to H - CVE-2026-33019
libsixel: Integer overflow leads to Out-of-bounds Read in im - CVE-2025-9300
saitoha libsixel img2sixel encoder.c sixel_debug_print_palet
Same vendor: saitoha
- CVE-2026-33023
libsixel: Use-after-free in load_with_gdkpixbuf() - CVE-2026-33021
libsixel: Use-after-free in sixel_encoder_encode_bytes() - CVE-2026-33020
libsixel: Integer Overflow in write_png_to_file() leads to H - CVE-2026-33019
libsixel: Integer overflow leads to Out-of-bounds Read in im - CVE-2025-9300
saitoha libsixel img2sixel encoder.c sixel_debug_print_palet
V. Comments for CVE-2026-33018
No comments yet