CVE-2026-44636: CWE-122: Heap-based Buffer Overflow in saitoha libsixel
libsixel versions from 1. 4. 4 up to but not including 1. 8. 7-r2 contain a heap-based buffer overflow vulnerability due to a signed integer overflow in the allocation size calculation within the sixel_encode_highcolor function. This occurs when width and height parameters multiply to a value exceeding INT_MAX, causing an allocation size wrap and subsequent buffer overflow. The vulnerability is fixed in version 1. 8. 7-r2. The CVSS score is 7.
AI Analysis
Technical Summary
The vulnerability in saitoha's libsixel (CVE-2026-44636) arises from a signed integer overflow during allocation size calculation in the sixel_encode_highcolor function. The public sixel_encode entry point only validates that width and height are greater than zero but does not enforce an upper bound. When the product of width and height exceeds INT_MAX (~2.15 billion), the allocation size calculation wraps around, resulting in a smaller-than-expected heap allocation. This leads to a heap-based buffer overflow when the encoder writes beyond the allocated buffer. Versions affected are from 1.4.4 up to 1.8.7-r1. The issue is resolved in version 1.8.7-r2.
Potential Impact
Successful exploitation can lead to heap-based buffer overflow, which may cause application crashes or potentially allow arbitrary code execution. The CVSS vector indicates local attack vector with high complexity and no privileges or user interaction required, impacting confidentiality, integrity, and availability.
Mitigation Recommendations
Upgrade libsixel to version 1.8.7-r2 or later, where this vulnerability is fixed. Since no official patch links or advisories are provided, users should verify the version in use and apply the update accordingly. Patch status is not explicitly confirmed beyond the stated fix version; check the vendor or project repository for the official release containing the fix.
CVE-2026-44636: CWE-122: Heap-based Buffer Overflow in saitoha libsixel
Description
libsixel versions from 1. 4. 4 up to but not including 1. 8. 7-r2 contain a heap-based buffer overflow vulnerability due to a signed integer overflow in the allocation size calculation within the sixel_encode_highcolor function. This occurs when width and height parameters multiply to a value exceeding INT_MAX, causing an allocation size wrap and subsequent buffer overflow. The vulnerability is fixed in version 1. 8. 7-r2. The CVSS score is 7.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The vulnerability in saitoha's libsixel (CVE-2026-44636) arises from a signed integer overflow during allocation size calculation in the sixel_encode_highcolor function. The public sixel_encode entry point only validates that width and height are greater than zero but does not enforce an upper bound. When the product of width and height exceeds INT_MAX (~2.15 billion), the allocation size calculation wraps around, resulting in a smaller-than-expected heap allocation. This leads to a heap-based buffer overflow when the encoder writes beyond the allocated buffer. Versions affected are from 1.4.4 up to 1.8.7-r1. The issue is resolved in version 1.8.7-r2.
Potential Impact
Successful exploitation can lead to heap-based buffer overflow, which may cause application crashes or potentially allow arbitrary code execution. The CVSS vector indicates local attack vector with high complexity and no privileges or user interaction required, impacting confidentiality, integrity, and availability.
Mitigation Recommendations
Upgrade libsixel to version 1.8.7-r2 or later, where this vulnerability is fixed. Since no official patch links or advisories are provided, users should verify the version in use and apply the update accordingly. Patch status is not explicitly confirmed beyond the stated fix version; check the vendor or project repository for the official release containing the fix.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-05-07T15:30:10.875Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a062b58ec166c07b00deb4a
Added to database: 5/14/2026, 8:06:48 PM
Last enriched: 5/14/2026, 8:22:26 PM
Last updated: 5/15/2026, 7:45:22 AM
Views: 7
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.