CVE-2026-33021— libsixel: Use-after-free in sixel_encoder_encode_bytes()
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-33021
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
libsixel: Use-after-free in sixel_encoder_encode_bytes()
Source: NVD (National Vulnerability Database)
Vulnerability Description
libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. Versions 1.8.7 and prior contain a use-after-free vulnerability in sixel_encoder_encode_bytes() because sixel_frame_init() stores the caller-owned pixel buffer pointer directly in frame->pixels without making a defensive copy. When a resize operation is triggered, sixel_frame_convert_to_rgb888() unconditionally frees this caller-owned buffer and replaces it with a new internal allocation, leaving the caller with a dangling pointer. Any subsequent access to the original buffer by the caller constitutes a use-after-free, confirmed by AddressSanitizer. An attacker who controls incoming frames can trigger this bug repeatedly and predictably, resulting in a reliable crash with potential for code execution. This issue has been fixed in version 1.8.7-r1.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
释放后使用
Source: NVD (National Vulnerability Database)
Vulnerability Title
libsixel 资源管理错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
libsixel是Hayaki Saito个人开发者的一个为DEC SIXEL图形和其他转换器程序提供编码/解码实现的软件包。 libsixel 1.8.7及之前版本存在资源管理错误漏洞,该漏洞源于sixel_encoder_encode_bytes函数存在释放后重用问题,可能导致攻击者控制传入帧时触发释放后重用,造成崩溃或代码执行。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-33021
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-33021
请登录查看更多情报信息。
Same Patch Batch · saitoha · 2026-04-14 · 5 CVEs total
| CVE-2026-33023 | 7.8 HIGH | libsixel: Use-after-free in load_with_gdkpixbuf() |
| CVE-2026-33019 | 7.1 HIGH | libsixel: Integer overflow leads to Out-of-bounds Read in img2sixel |
| CVE-2026-33020 | 7.1 HIGH | libsixel: Integer Overflow in write_png_to_file() leads to Heap-based Buffer Overflow |
| CVE-2026-33018 | 7.0 HIGH | libsixel: Use-After-Free in load_gif() |
IV. Related Vulnerabilities
Same product: libsixel
- CVE-2026-33023
libsixel: Use-after-free in load_with_gdkpixbuf() - CVE-2026-33020
libsixel: Integer Overflow in write_png_to_file() leads to H - CVE-2026-33019
libsixel: Integer overflow leads to Out-of-bounds Read in im - CVE-2026-33018
libsixel: Use-After-Free in load_gif() - CVE-2025-9300
saitoha libsixel img2sixel encoder.c sixel_debug_print_palet
Same vendor: saitoha
- CVE-2026-33023
libsixel: Use-after-free in load_with_gdkpixbuf() - CVE-2026-33020
libsixel: Integer Overflow in write_png_to_file() leads to H - CVE-2026-33019
libsixel: Integer overflow leads to Out-of-bounds Read in im - CVE-2026-33018
libsixel: Use-After-Free in load_gif() - CVE-2025-9300
saitoha libsixel img2sixel encoder.c sixel_debug_print_palet
V. Comments for CVE-2026-33021
No comments yet