NVD Vulnerability Detail

CVE-2025-9300

Summary	A vulnerability was found in saitoha libsixel up to 1.10.3. Affected by this issue is the function sixel_debug_print_palette of the file src/encoder.c of the component img2sixel. The manipulation results in stack-based buffer overflow. The attack must be initiated from a local position. The exploit has been made public and could be used. The patch is identified as 316c086e79d66b62c0c4bc66229ee894e4fdb7d1. Applying a patch is advised to resolve this issue.
Summary	Se encontró una vulnerabilidad en saitoha libsixel hasta la versión 1.10.3. Este problema afecta a la función sixel_debug_print_palette del archivo src/encoder.c del componente img2sixel. La manipulación provoca un desbordamiento del búfer en la pila. El ataque debe iniciarse localmente. Se ha hecho público el exploit y puede que sea utilizado. El parche se identifica como 316c086e79d66b62c0c4bc66229ee894e4fdb7d1. Se recomienda aplicar un parche para resolver este problema.
Publication Date	Aug. 21, 2025, 10:15 p.m.
Registration Date	April 27, 2026, 12:03 p.m.
Last Update	April 24, 2026, 10:44 p.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:saitoha:libsixel::::::::					1.8.7

Related information, measures and tools

No	URL	refsource
1	https://drive.google.com/file/d/1IIvvRFgUQZcySqeoqXXhsxd0HZCjClJ7/view?usp=sharing	cna@vuldb.com
2	https://github.com/saitoha/libsixel/commit/316c086e79d66b62c0c4bc66229ee894e4fdb7d1	cna@vuldb.com
3	https://github.com/saitoha/libsixel/issues/200	cna@vuldb.com
4	https://github.com/saitoha/libsixel/issues/200#issuecomment-3178785635	cna@vuldb.com
5	https://vuldb.com/?ctiid.320905	cna@vuldb.com
6	https://vuldb.com/?id.320905	cna@vuldb.com
7	https://vuldb.com/?submit.632366	cna@vuldb.com
8	https://github.com/saitoha/libsixel/commit/316c086e79d66b62c0c4bc66229ee894e4fdb7d1	134c704f-9b21-4f2e-91b3-4a467353bcc0
9	https://github.com/saitoha/libsixel/issues/200	134c704f-9b21-4f2e-91b3-4a467353bcc0
10	https://github.com/saitoha/libsixel/issues/200#issuecomment-3178785635	134c704f-9b21-4f2e-91b3-4a467353bcc0
11	https://vuldb.com/?submit.632366	134c704f-9b21-4f2e-91b3-4a467353bcc0

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-119	バッファエラー	https://cwe.mitre.org/data/definitions/118.html
2	CWE-121	スタックオーバーフロー	https://cwe.mitre.org/data/definitions/121.html
3	CWE-787	境界外書き込み	https://cwe.mitre.org/data/definitions/787.html

JVN Vulnerability Information

libsixel project の libsixel における境界外書き込みに関する脆弱性

Title	libsixel project の libsixel における境界外書き込みに関する脆弱性
Summary	libsixel project の libsixel には、境界外書き込みに関する脆弱性が存在します。
Possible impacts	情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。
Solution	ベンダアドバイザリまたはパッチ情報が公開されています。参考情報を参照して適切な対策を実施してください。
Publication Date	Aug. 21, 2025, midnight
Registration Date	Sept. 16, 2025, 10:36 a.m.
Last Update	Sept. 16, 2025, 10:36 a.m.

Affected System

libsixel project

libsixel 1.10.3 およびそれ以前

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2025-9300	https://www.cve.org/CVERecord?id=CVE-2025-9300
National Vulnerability Database (NVD)
2	CVE-2025-9300	https://nvd.nist.gov/vuln/detail/CVE-2025-9300

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-119	https://jvndb.jvn.jp/ja/cwe/CWE-119.html
2	CWE-121	https://cwe.mitre.org/data/definitions/121.html
3	CWE-787	https://cwe.mitre.org/data/definitions/787.html

その他

No	Name	URL
関連文書
1	drive.google.com (1IIvvRFgUQZcySqeoqXXhsxd0HZCjClJ7)	https://drive.google.com/file/d/1IIvvRFgUQZcySqeoqXXhsxd0HZCjClJ7/view?usp=sharing
2	github.com (200#issuecomment-3178785635)	https://github.com/saitoha/libsixel/issues/200#issuecomment-3178785635
3	github.com (316c086e79d66b62c0c4bc66229ee894e4fdb7d1)	https://github.com/saitoha/libsixel/commit/316c086e79d66b62c0c4bc66229ee894e4fdb7d1
4	github.com (issues/200)	https://github.com/saitoha/libsixel/issues/200
5	vuldb.com (id.320905)	https://vuldb.com/?id.320905
6	vuldb.com (submit.632366)	https://vuldb.com/?submit.632366

Change Log

No	Changed Details	Date of change
1	[2025年09月16日] 掲載	Sept. 16, 2025, 10:36 a.m.