Description: "load_png in loader.c in libsixel.a in libsixel 1.8.6 has an uninitialized pointer leading to an invalid call to free, which can cause a denial of service." No fix upstream yet.
"Unverified indexs into the array lead to out of bound access in the gif_out_code function in fromgif.c in libsixel 1.8.6." https://github.com/saitoha/libsixel/issues/136
The linked upstream seems to be dead, and there's a fork with fixes to both issues: https://github.com/libsixel/libsixel/commit/e71aacc97b5f756948b13c1228877d29395c7b55 https://github.com/libsixel/libsixel/commit/05e5d21d065c663ec7a83d185974f4c252314968 Please bump and use the new upstream.
*** Bug 783516 has been marked as a duplicate of this bug. ***
CVE-2020-36120 (https://github.com/saitoha/libsixel/issues/143): Buffer Overflow in the "sixel_encoder_encode_bytes" function of Libsixel v1.8.6 allows attackers to cause a Denial of Service (DoS).
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8990f8a32cf506e4d47ae6c365ab121227a925da commit 8990f8a32cf506e4d47ae6c365ab121227a925da Author: Akinori Hattori <hattya@gentoo.org> AuthorDate: 2021-10-01 13:51:31 +0000 Commit: Akinori Hattori <hattya@gentoo.org> CommitDate: 2021-10-01 13:51:31 +0000 media-libs/libsixel: new upstream release Bug: https://bugs.gentoo.org/717254 Package-Manager: Portage-3.0.20, Repoman-3.0.3 Signed-off-by: Akinori Hattori <hattya@gentoo.org> media-libs/libsixel/Manifest | 1 + media-libs/libsixel/files/libsixel-meson.patch | 65 ++++++++++++++++++++ media-libs/libsixel/libsixel-1.10.3.ebuild | 85 ++++++++++++++++++++++++++ media-libs/libsixel/metadata.xml | 1 + 4 files changed, 152 insertions(+)
Looks like the last CVE hasn't been fixed in libsixel/libsixel, reported at: https://github.com/libsixel/libsixel/issues/46
Looks like that upstream PR to fix the vulnerability by changing API got never merged, unfortunately.
