QwikSec

Security Database

CVE

CWE

Training

CVE-2025-9300

Published: Aug 21, 2025

Modified: Aug 21, 2025

PUBLISHED

CVSS v3.1

5.3

MEDIUM

Description

A vulnerability was found in saitoha libsixel up to 1.10.3. Affected by this issue is the function sixel_debug_print_palette of the file src/encoder.c of the component img2sixel. The manipulation results in stack-based buffer overflow. The attack must be initiated from a local position. The exploit has been made public and could be used. The patch is identified as 316c086e79d66b62c0c4bc66229ee894e4fdb7d1. Applying a patch is advised to resolve this issue.

Vendor	Product	Versions
saitoha	libsixel	affected `1.10.0` affected `1.10.1` affected `1.10.2` affected `1.10.3`

Weaknesses (CWE)

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

Low

References

VDB-320905 | saitoha libsixel img2sixel encoder.c sixel_debug_print_palette stack-based overflow

vdb-entry

technical-description

VDB-320905 | CTI Indicators (IOB, IOC, IOA)

signature

permissions-required

Submit #632366 | LibSixel img2sixel LibSixel version 1.10.3 (commit 6dd664c) compiled on Aug 2 2025 and the newest master version. Heap Buffer Overflow

third-party-advisory

https://github.com/saitoha/libsixel/issues/200

issue-tracking

https://github.com/saitoha/libsixel/issues/200#issuecomment-3178785635

issue-tracking

https://drive.google.com/file/d/1IIvvRFgUQZcySqeoqXXhsxd0HZCjClJ7/view?usp=sharing

exploit

https://github.com/saitoha/libsixel/commit/316c086e79d66b62c0c4bc66229ee894e4fdb7d1

patch

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.