SIXEL Buffer Overflow in libsixel Affects Multiple Versions
CVE-2026-44637

7.1HIGH

Key Information:

Vendor: Saitoha
Status: Libsixel
Vendor: CVE Published:; 14 May 2026

What is CVE-2026-44637?

libsixel, a SIXEL encoder/decoder, contains a vulnerability due to a signed integer overflow in its image-buffer doubling mechanism. Specifically, the issue arises in the SIXEL parser's handling of the 'repeat_count' during the decoding process. When 'pos_x' (which increases with each SIXEL character) approaches INT_MAX, an overflow can occur when sizing the image buffer. This unchecked condition allows for an out-of-bounds write into the image's data area, which can be exploited by attackers through specially crafted SIXEL data. This vulnerability can be triggered by any user or system capable of invoking the decoding function, including the img2sixel tool. The issue has been addressed in subsequent versions of the product.

Affected Version(s)

libsixel >= 0.11.0, < 1.8.7-r2

References

https://github.com/saitoha/libsixel/security/advisories/G...

x_refsource_CONFIRM

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 14, 2026
Vulnerability Reserved
May 7, 2026

CVE-2026-44637 Data

JSON

Saitoha

What is CVE-2026-44637?

Affected Version(s)

References

CVSS V3.1

Timeline