Out-of-bounds Read The advisory has been revoked - it doesn't affect any version of package libsixel  (opens in a new tab)


Threat Intelligence

EPSS
0.05% (25th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-UBUNTU1910-LIBSIXEL-584105
  • published9 Sept 2019
  • disclosed30 Nov 2018

Introduced: 30 Nov 2018

CVE-2018-19763  (opens in a new tab)
CWE-125  (opens in a new tab)

Amendment

The Ubuntu security team deemed this advisory irrelevant for Ubuntu:19.10.

NVD Description

Note: Versions mentioned in the description apply only to the upstream libsixel package and not the libsixel package as distributed by Ubuntu.

There is a heap-based buffer over-read at writer.c (function: write_png_to_file) in libsixel 1.8.2 that will cause a denial of service.