Use-After-Free Vulnerability in libsixel by saitoha
CVE-2026-33021

7.3 HIGH

Key Information:

Vendor: Saitoha
Status: Vendor
CVE Published: 14 April 2026

What is CVE-2026-33021?

libsixel 1.8.7 and earlier contain a use-after-free in sixel_encoder_encode_bytes(). sixel_frame_init() stores the pointer to a caller-owned pixel buffer directly in frame->pixels instead of taking a defensive copy, so the frame and the caller share one buffer with nothing recording who owns it. When a resize operation occurs, sixel_frame_convert_to_rgb888() frees frame->pixels, which is the caller's buffer, and replaces it with an internal allocation. The caller's pointer now dangles: any later read of that buffer by the caller is a use after free, and any later release of it is a double free. In practice this produces repeatable, predictable crashes, and an attacker who controls the incoming frames may be able to turn the corrupted heap state into code execution. The issue is fixed in version 1.8.7-r1.
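The ownership mistake described above, modelled as an added C example. This is not libsixel's code: frame_t, frame_init_borrowed, frame_init_copy, frame_convert_to_rgb888, frame_release and the tracked_free instrumentation are hypothetical stand-ins for the functions the advisory names, and the 2x2 grayscale image is constructed. The instrumented free records which pointers were released, so the example can show that the borrowed-pointer path frees the caller's buffer while the defensive-copy path does not, without ever dereferencing freed memory.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Instrumented free(): records every pointer released so a caller can ask
   "was my buffer freed?" without ever touching freed memory. */
#define MAX_FREED 16
static const void *freed_log[MAX_FREED];
static int freed_count = 0;

static void tracked_free(void *p) {
    if (p && freed_count < MAX_FREED) freed_log[freed_count++] = p;
    free(p);
}
static int was_freed(const void *p) {
    for (int i = 0; i < freed_count; i++)
        if (freed_log[i] == p) return 1;
    return 0;
}
static void reset_free_log(void) { freed_count = 0; }

/* Hypothetical frame type standing in for libsixel's frame object. */
typedef struct {
    unsigned char *pixels;   /* 1 byte/pixel (grayscale) or 3 (RGB888) */
    int width, height;
    int bytes_per_pixel;
    int owns_pixels;         /* 1 when pixels came from the frame's own malloc */
} frame_t;

/* VULNERABLE init, modelling the advisory: the caller's pointer is stored
   as-is, no copy, so nothing records that the frame only borrows it. */
static void frame_init_borrowed(frame_t *f, unsigned char *pixels, int w, int h) {
    f->pixels = pixels; f->width = w; f->height = h;
    f->bytes_per_pixel = 1; f->owns_pixels = 0;
}

/* HARDENED init: take a defensive copy, so every buffer the frame later
   frees is one the frame itself allocated. */
static int frame_init_copy(frame_t *f, const unsigned char *pixels, int w, int h) {
    size_t n = (size_t)w * (size_t)h;
    f->pixels = malloc(n);
    if (!f->pixels) return -1;
    memcpy(f->pixels, pixels, n);
    f->width = w; f->height = h; f->bytes_per_pixel = 1; f->owns_pixels = 1;
    return 0;
}

/* Conversion step (stand-in for sixel_frame_convert_to_rgb888): expands
   grayscale to RGB888 in a fresh allocation and unconditionally frees the
   old buffer. After the borrowed init above, "old buffer" is the caller's. */
static int frame_convert_to_rgb888(frame_t *f) {
    if (f->bytes_per_pixel == 3) return 0;
    size_t n = (size_t)f->width * (size_t)f->height;
    unsigned char *rgb = malloc(n * 3);
    if (!rgb) return -1;
    for (size_t i = 0; i < n; i++)
        rgb[3 * i] = rgb[3 * i + 1] = rgb[3 * i + 2] = f->pixels[i];
    tracked_free(f->pixels);          /* the bug when pixels was only borrowed */
    f->pixels = rgb; f->bytes_per_pixel = 3; f->owns_pixels = 1;
    return 0;
}

static void frame_release(frame_t *f) {
    if (f->owns_pixels) tracked_free(f->pixels);
    f->pixels = NULL;
}

/* Runs an encode-like flow on a constructed 2x2 grayscale image and reports
   whether the library freed the caller's buffer (1) or left it alone (0).
   -1 signals an allocation failure inside the model itself. */
static int flow_frees_caller_buffer(int hardened) {
    reset_free_log();
    unsigned char *img = malloc(4);   /* caller-owned buffer (constructed input) */
    if (!img) return -1;
    memset(img, 0x7f, 4);
    frame_t f;
    if (hardened) {
        if (frame_init_copy(&f, img, 2, 2) != 0) { free(img); return -1; }
    } else {
        frame_init_borrowed(&f, img, 2, 2);
    }
    if (frame_convert_to_rgb888(&f) != 0) { frame_release(&f); free(img); return -1; }
    int freed = was_freed(img);       /* 1 on the borrowed path: img now dangles */
    frame_release(&f);                /* frees only the RGB buffer the frame made */
    /* A real caller has no way to know img is gone and would free it again
       (double free) or read it (use after free); the guard keeps this model safe. */
    if (!freed) free(img);
    return freed;
}

int main(void) {
    printf("borrowed pointer: caller buffer freed by library = %d\n", flow_frees_caller_buffer(0));
    printf("defensive copy:   caller buffer freed by library = %d\n", flow_frees_caller_buffer(1));
    return 0;
}
```

Build with `-fsanitize=address` and drop the `if (!freed)` guard to watch AddressSanitizer report the double free on the borrowed path; the guard exists only so the model runs cleanly. The fix shown is the defensive copy the advisory alludes to; an equivalent alternative is to keep the borrowed pointer but make the conversion step honour owns_pixels before freeing.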

Affected Version(s)

libsixel < 1.8.7-r1

References

CVSS V3.1

Score: 7.3
Severity: HIGH
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Note: the metrics listed here do not compute to 7.3. Under the CVSS v3.1 formula, AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L scores 5.9; 7.3 is the score for the same metrics with Attack Vector: Network. Either the score or the vector shown on this page is mis-stated, so confirm the full vector string in the NVD or vendor record before relying on either value.

Timeline

  • Vulnerability reserved

  • Vulnerability published: 14 April 2026
