CVE-2025-9300

A vulnerability was found in saitoha libsixel up to 1.10.3. Affected by this issue is the function sixel_debug_print_palette of the file src/encoder.c of the component img2sixel. The manipulation results in stack-based buffer overflow. The attack must be initiated from a local position. The exploit has been made public and could be used. The patch is identified as 316c086e79d66b62c0c4bc66229ee894e4fdb7d1. Applying a patch is advised to resolve this issue.

CVSS v3 5.3 MEDIUM
CVSS v2.0 4.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:L/Au:S/C:P/I:P/A:P

Exploitability : 3.1 / Impact : 6.4

Access Vector LOCAL

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://drive.google.com/file/d/1IIvvRFgUQZcySqeoqXXhsxd0HZCjClJ7/view?usp=sharing
https://github.com/saitoha/libsixel/commit/316c086e79d66b62c0c4bc66229ee894e4fdb7d1
https://github.com/saitoha/libsixel/issues/200
https://github.com/saitoha/libsixel/issues/200#issuecomment-3178785635
https://vuldb.com/?ctiid.320905
https://vuldb.com/?id.320905
https://vuldb.com/?submit.632366
https://github.com/saitoha/libsixel/commit/316c086e79d66b62c0c4bc66229ee894e4fdb7d1
https://github.com/saitoha/libsixel/issues/200
https://github.com/saitoha/libsixel/issues/200#issuecomment-3178785635
https://vuldb.com/?submit.632366

Configurations

No configuration.

History

22 Aug 2025, 18:09

Type	Values Removed	Values Added
Summary		(es) Se encontró una vulnerabilidad en saitoha libsixel hasta la versión 1.10.3. Este problema afecta a la función sixel_debug_print_palette del archivo src/encoder.c del componente img2sixel. La manipulación provoca un desbordamiento del búfer en la pila. El ataque debe iniciarse localmente. Se ha hecho público el exploit y puede que sea utilizado. El parche se identifica como 316c086e79d66b62c0c4bc66229ee894e4fdb7d1. Se recomienda aplicar un parche para resolver este problema.

21 Aug 2025, 15:15

Type	Values Removed	Values Added
References	~~() https://github.com/saitoha/libsixel/commit/316c086e79d66b62c0c4bc66229ee894e4fdb7d1 -~~	() https://github.com/saitoha/libsixel/commit/316c086e79d66b62c0c4bc66229ee894e4fdb7d1 -
References	~~() https://github.com/saitoha/libsixel/issues/200 -~~	() https://github.com/saitoha/libsixel/issues/200 -
References	~~() https://github.com/saitoha/libsixel/issues/200#issuecomment-3178785635 -~~	() https://github.com/saitoha/libsixel/issues/200#issuecomment-3178785635 -
References	~~() https://vuldb.com/?submit.632366 -~~	() https://vuldb.com/?submit.632366 -

21 Aug 2025, 13:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-08-21 13:15

Updated : 2025-08-22 18:09

NVD link : CVE-2025-9300

Mitre link : CVE-2025-9300

CVE.ORG link : CVE-2025-9300

JSON object : View

Products Affected

No product.

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE-121

Stack-based Buffer Overflow

5.3 /10