CVE-2026-33021: CWE-416: Use After Free in saitoha libsixel
libsixel versions prior to 1.8.7-r1 contain a use-after-free vulnerability in the sixel_encoder_encode_bytes() function. This occurs because the pixel buffer pointer provided by the caller is stored directly without copying, and later freed unconditionally during a resize operation, leaving the caller with a dangling pointer. An attacker controlling input frames can trigger this repeatedly, causing crashes and potential code execution. The issue is fixed in version 1.8.7-r1.
AI Analysis
Technical Summary
The vulnerability in saitoha libsixel (CVE-2026-33021) is a use-after-free in sixel_encoder_encode_bytes() due to sixel_frame_init() storing a caller-owned pixel buffer pointer directly in frame->pixels without making a defensive copy. When a resize triggers sixel_frame_convert_to_rgb888(), it frees the caller-owned buffer unconditionally and replaces it with a new allocation, leaving the caller with a dangling pointer. Subsequent access by the caller leads to use-after-free, confirmed by AddressSanitizer. An attacker controlling incoming frames can exploit this to cause crashes and potentially execute arbitrary code. This vulnerability affects versions prior to 1.8.7-r1 and has been fixed in that version.
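The ownership rule behind this bug class, as an added example that is not libsixel's code or its actual fix: a frame either borrows the caller's buffer and never frees it, or takes a private copy it may free. All names here (demo_frame, demo_init_borrow, demo_init_copy, demo_convert) are hypothetical.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical frame model for illustration; not libsixel's real struct. */
typedef struct { unsigned char *pixels; size_t len; int owned; } demo_frame;

/* The advisory's pattern keeps the caller's pointer. Recording it as
 * borrowed (owned = 0) tells later code that it must not free it. */
static void demo_init_borrow(demo_frame *f, unsigned char *buf, size_t len) {
    f->pixels = buf; f->len = len; f->owned = 0;
}

/* Defensive copy: the frame gets a private buffer it is allowed to free. */
static int demo_init_copy(demo_frame *f, const unsigned char *buf, size_t len) {
    if ((f->pixels = malloc(len)) == NULL) return -1;
    memcpy(f->pixels, buf, len);
    f->len = len; f->owned = 1;
    return 0;
}

/* Stand-in for a conversion step that swaps in a new allocation. An
 * unconditional free(f->pixels) here is the bug class; gate it on ownership. */
static int demo_convert(demo_frame *f, size_t new_len) {
    unsigned char *dst = calloc(new_len, 1);
    if (dst == NULL) return -1;
    memcpy(dst, f->pixels, f->len < new_len ? f->len : new_len);
    if (f->owned) free(f->pixels);
    f->pixels = dst; f->len = new_len; f->owned = 1;
    return 0;
}

/* Returns 1 when the caller's buffer is still valid and unchanged after the
 * frame has been converted, -1 on allocation failure. */
int demo_caller_buffer_survives(int use_copy) {
    static const unsigned char sample[4] = {1, 2, 3, 4}; /* constructed input */
    unsigned char *caller = malloc(sizeof sample);
    demo_frame f = {NULL, 0, 0};
    int ok = -1;
    if (caller == NULL) return -1;
    memcpy(caller, sample, sizeof sample);
    if (use_copy ? demo_init_copy(&f, caller, sizeof sample) == 0
                 : (demo_init_borrow(&f, caller, sizeof sample), 1)) {
        if (demo_convert(&f, 8) == 0)
            ok = f.pixels != caller && memcmp(caller, sample, sizeof sample) == 0;
        if (f.owned) free(f.pixels);
    }
    free(caller);
    return ok;
}
```

Building a caller like this with `-fsanitize=address` is a quick way to confirm that no path frees a buffer the frame does not own.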
Potential Impact
Successful exploitation can cause application crashes and potentially allow code execution due to use-after-free conditions. The vulnerability requires local access (AV:L) with low attack complexity and no privileges or user interaction needed. Confidentiality and integrity impacts are low, but availability impact is high due to crashes.
Mitigation Recommendations
Upgrade to libsixel version 1.8.7-r1 or later, where this vulnerability is fixed. There is no official patch link provided, but the vendor has addressed the issue in the specified version. No other mitigations are indicated.
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2026-03-17T17:22:14.667Z
- Cvss Version: 3.1
- State: PUBLISHED
- Remediation Level: null
Threat ID: 69debcd482d89c981f0dfd14
Added to database: 4/14/2026, 10:16:52 PM
Last enriched: 4/14/2026, 10:31:57 PM
Last updated: 4/14/2026, 11:22:03 PM