CVE-2019-3573
First published: Wed Jan 02 2019(Updated: )
In libsixel v1.8.2, there is an infinite loop in the function sixel_decode_raw_impl() in the file fromsixel.c, as demonstrated by sixel2png.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Libsixel Project Libsixel | =1.8.2 | |
| =1.8.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2019-3573?
CVE-2019-3573 is a vulnerability found in libsixel v1.8.2 that allows an attacker to cause an infinite loop in the sixel_decode_raw_impl() function, leading to a denial of service (DoS) condition.
How severe is CVE-2019-3573?
CVE-2019-3573 has a severity keyword of 'medium' and a severity value of 5.5.
How can an attacker exploit CVE-2019-3573?
An attacker can exploit CVE-2019-3573 by sending a specially crafted input to the vulnerable function sixel_decode_raw_impl(), triggering an infinite loop and causing a denial of service.
What software versions are affected by CVE-2019-3573?
The affected software version is libsixel v1.8.2.
Is there a fix available for CVE-2019-3573?
At the time of writing, there is no official fix available for CVE-2019-3573. It is recommended to update to a newer version of the software when a fix is released.
- collector/nvd-index
- agent/references
- agent/type
- agent/severity
- agent/weakness
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/first-publish-date
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/author
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- agent/event
- vendor/libsixel project
- canonical/libsixel project libsixel
- version/libsixel project libsixel/1.8.2