Vulnerability Description
libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. From to 1.8.7-r1, a wrong NULL check after an allocation call in sixel_decode_raw and sixel_decode causes a NULL pointer dereference whenever the allocation fails. The check tests the address of the output parameter (always non-NULL) instead of the value the malloc returned. On allocation failure, the function continues and writes through a NULL pointer, crashing the process. This is a denial of service against any caller of these public APIs that hits a low-memory condition. This vulnerability is fixed in 1.8.7-r2.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Saitoha | Libsixel | >= 1.0.0, < 1.8.7-r2 |
Related Weaknesses (CWE)
References
- https://github.com/saitoha/libsixel/security/advisories/GHSA-wpx3-h5g8-qr3wExploitVendor Advisory
- https://github.com/saitoha/libsixel/security/advisories/GHSA-wpx3-h5g8-qr3wExploitVendor Advisory
FAQ
What is CVE-2026-44638?
CVE-2026-44638 is a vulnerability with a CVSS score of 2.5 (LOW). libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. From to 1.8.7-r1, a wrong NULL check after an allocation call in sixel_decode_raw and sixel_decode causes a NULL pointer...
How severe is CVE-2026-44638?
CVE-2026-44638 has been rated LOW with a CVSS base score of 2.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-44638?
Check the references section above for vendor advisories and patch information. Affected products include: Saitoha Libsixel.