Description

libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. Versions 1.8.7 and prior contain a Use-After-Free vulnerability via the load_gif() function in fromgif.c, where a single sixel_frame_t object is reused across all frames of an animated GIF and gif_init_frame() unconditionally frees and reallocates frame->pixels between frames without consulting the object's reference count. Because the public API explicitly provides sixel_frame_ref() to retain a frame and sixel_frame_get_pixels() to access the raw pixel buffer, a callback following this documented usage pattern will hold a dangling pointer after the second frame is decoded, resulting in a heap use-after-free confirmed by ASAN. Any application using sixel_helper_load_image_file() with a multi-frame callback to process user-supplied animated GIFs is affected, with a reliable crash as the minimum impact and potential for code execution. This issue has been fixed in version 1.8.7-r1.

INFO

Published Date :

2026-04-14T21:45:42.261Z

Last Modified :

2026-04-16T13:53:25.060Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-33018 vulnerability.

Vendors Products
Saitoha
  • Libsixel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-33018.

URL Resource
https://github.com/saitoha/libsixel/releases/tag/v1.8.7-r1 cve-icon cve-icon cve-icon
https://github.com/saitoha/libsixel/security/advisories/GHSA-w46f-jr9f-rgvp cve-icon cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2026-33018 cve-icon
https://www.cve.org/CVERecord?id=CVE-2026-33018 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact