
fix(libsixel): CVE-2026-33021, CVE-2026-33019, CVE-2026-33018 #3

Open

deepin-ci-robot wants to merge 1 commit into master from fix/CVE-2026-33021-multi

Conversation

@deepin-ci-robot
Contributor

Summary

This PR fixes multiple CVEs in libsixel:

  • CVE-2026-33021: Use-after-free in sixel_encoder_encode_bytes()
  • CVE-2026-33019: integer overflow leads to OOB Read in img2sixel
  • CVE-2026-33018: Use-After-Free in load_gif()

Changes

  • Added overflow-safe checks in sixel_encoder_encode_bytes()
  • Fixed clipping math overflow in sixel_encoder_do_clip()
  • Simplified gif_init_frame() to prevent UAF

References

Labels

  • cve
  • generated-by-ai

Generated-By: glm-5.1
Co-Authored-By: hudeng <hudeng@deepin.org>
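An added example, not libsixel's code or this PR's patch, of the overflow-safe clipping arithmetic the Changes list describes for sixel_encoder_do_clip(): the clip_rect type and the clip_to_image and region_bytes functions are hypothetical names, and __builtin_add_overflow / __builtin_mul_overflow are GCC/Clang checked-arithmetic builtins.

```c
/* Added example, not libsixel code: overflow-safe clip-rectangle and
 * region-size arithmetic of the kind the PR describes for
 * sixel_encoder_do_clip(). All names below are hypothetical. */
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>

struct clip_rect { int x, y, w, h; };

/* Intersect the requested rectangle with an img_w x img_h image.
 * Returns false on invalid input or when the arithmetic would overflow.
 * The naive "if (x + w > img_w) w = img_w - x;" wraps when x + w exceeds
 * INT_MAX, so the clip silently passes and a later read runs past the
 * end of the pixel buffer (the OOB-read class the PR addresses). */
bool clip_to_image(int img_w, int img_h, struct clip_rect req,
                   struct clip_rect *out)
{
    int x_end, y_end;
    if (img_w <= 0 || img_h <= 0)
        return false;
    if (req.x < 0 || req.y < 0 || req.w <= 0 || req.h <= 0)
        return false;
    /* GCC/Clang checked addition: fails instead of wrapping. */
    if (__builtin_add_overflow(req.x, req.w, &x_end) ||
        __builtin_add_overflow(req.y, req.h, &y_end))
        return false;
    /* Origin outside the image: nothing to encode. */
    if (req.x >= img_w || req.y >= img_h)
        return false;

    out->x = req.x;
    out->y = req.y;
    out->w = (x_end > img_w) ? img_w - req.x : req.w;
    out->h = (y_end > img_h) ? img_h - req.y : req.h;
    return true;
}

/* Bytes needed for a clipped region at bpp bytes per pixel, using checked
 * multiplication so a huge region cannot wrap to a small buffer size. */
bool region_bytes(const struct clip_rect *r, size_t bpp, size_t *bytes)
{
    size_t row;
    if (r->w <= 0 || r->h <= 0 || bpp == 0)
        return false;
    if (__builtin_mul_overflow((size_t)r->w, bpp, &row) ||
        __builtin_mul_overflow(row, (size_t)r->h, bytes))
        return false;
    return true;
}
```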

@deepin-ci-robot
Contributor Author

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign zccrs for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@github-actions

github-actions Bot commented May 21, 2026

TAG Bot

TAG: 1.10.5-1deepin2
EXISTED: yes
DISTRIBUTION: unstable

hudeng-go force-pushed the fix/CVE-2026-33021-multi branch from 5036526 to a46bc21 on May 21, 2026 at 18:33
@hudeng-go
Contributor

/retest github-trigger-obs-ci

@deepin-ci-robot
Contributor Author

@hudeng-go: The /retest command does not accept any targets.
The following commands are available to trigger required jobs:

  • /test github-trigger-obs-ci
  • /test hold-version-check

Use /test all to run all jobs.


In response to this:

/retest github-trigger-obs-ci

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

hudeng-go force-pushed the fix/CVE-2026-33021-multi branch 4 times, most recently from 3d9cb60 to 64c7cff on May 22, 2026 at 07:18

Commit message:

- Fix CVE-2026-33021: Use-after-free in sixel_encoder_encode_bytes()
- Fix CVE-2026-33019: integer overflow leads to OOB Read in img2sixel
- Fix CVE-2026-33018: Use-After-Free in load_gif()

Remove redundant CVE-2025-61146.patch and CVE-2025-9300.patch.
Fix 0003-fix-CVE-2026-33018.patch corruption and context mismatch.

Based on patches provided by @curious-rabbit.
Upstream: https://github.com/saitoha/libsixel/security/advisories
Generated-By: glm-5.1
Co-Authored-By: hudeng <hudeng@deepin.org>

hudeng-go force-pushed the fix/CVE-2026-33021-multi branch from 64c7cff to 64e5f65 on May 22, 2026 at 07:33