saitoha / libsixel

A SIXEL encoder/decoder implementation derived from kmiya's sixel (https://github.com/saitoha/sixel).
MIT License

[CVE-2018-19762] heap-based buffer overflow at fromsixel.c (function: image_buffer_resize) #81

Closed nluedtke closed 4 years ago

nluedtke commented 5 years ago

Re-posting this here to make sure you are aware.

https://nvd.nist.gov/vuln/detail/CVE-2018-19762

https://bugzilla.redhat.com/show_bug.cgi?id=1649199

gnachman commented 4 years ago

@saitoha You should really take the project down or find a new owner.

saitoha commented 4 years ago

@nluedtke Sorry for the long time with no reply. The fix for this problem, #92, is merged into v1.8.3. Thanks.