A SIXEL encoder/decoder implementation derived from kmiya's sixel (https://github.com/saitoha/sixel).
MIT License
Bot releases are hidden (Show)
Published by saitoha almost 5 years ago
Security fix for CVE-2019-20205 (#127), integer overflow problem,
reported by @sleicasper.
Security fix for CVE-2019-20056 (#126), assertion failure problem,
reported by @sleicasper.
Security fix for CVE-2019-20094 (#125), heap overflow problem,
reported by @cuanduo.
Security fix for #124, illegal longjump() call problem,
reported by @cuanduo.
Serucity fix for #74 and #123, access violation problem,
reported by @HongxuChen and SuhwanSong.
Security fix for #122, heap overflow problem,
reported by @SuhwanSong.
Security fix for CVE-2019-20023(#117, #119, #120), memory leaks problem,
reported by @SuhwanSong and @gutiniao.
Strip first flag check in LZW compression function for issue #118,
reported by @yoichi
For more details, see below summary of vulnerabilities.
No. | assigned CVE | PR | patch | status | fixed on | comment |
---|---|---|---|---|---|---|
#67 | CVE-2018-14072 CVE-2018-14073 | - | f94bc6f 84ed0bc | resolved | v1.8.2 | |
#68 | - | - | 6a19d99 94a647c | resolved | v1.8.2 | |
#69 | - | - | 0d70e04 | resolved | v1.8.2 | |
#70 | - | - | 438188c | resolved | v1.8.2 | |
#71 | - | - | 01c0bad ba21bb9 | resolved | v1.8.2 | |
#72 | - | - | 570d6ae | released | v1.8.3 | |
#73 | - | - | cb373ab 26ac06f | resolved | v1.8.4 | |
#74 | - | - | 0b1e0b3 | resolved | v1.8.5 | |
#75 | - | - | 7808a06 | resolved | v1.8.3 | |
#76 | - | - | e3a4c0e 3c071b9 d7b2600 197d025 | partially resolved | partially fixed on v1.8.3 | |
#77 | CVE-2018-19759 | #98 | 5f64fb1 | resolved | v1.8.3 | |
#78 | CVE-2018-19761 | (#106) | (1377517) | resolved | v1.8.3 | *same as #105 |
#79 | CVE-2018-19757 | #91 #94 | e903c93 a53c872 | resolved | v1.8.3 | |
#80 | CVE-2018-19756 | #93 | d6e34fc | resolved | v1.8.3 | |
#81 | CVE-2018-19762 | #92 | 9861272 | resolved | v1.8.3 | |
#82 | CVE-2018-19763 | #95 | 614e761 | resolved | v1.8.3 | |
#83 | CVE-2019-3573 CVE-2019-3574 | #99 | 9c013f2 68ecbc1 | resolved | v1.8.3 | |
#85 | CVE-2019-11024 | - | b418f35 | resolved | v1.8.4 | |
#88 | - | - | 7808a06 | resolved | v1.8.3 | |
#89 | - | - | a516125 | resolved | v1.8.4 | |
#90 | - | - | (1377517) | resolved | v1.8.3 | *same as #105 |
#97 | - | - | (1377517) | resolved | v1.8.3 | *same as #105 |
#102 | CVE-2019-19638 | #106 | e17c076 | resolved | v1.8.3 | |
#103 | CVE-2019-19635 | #106 | 1377517 | resolved | v1.8.3 | |
#104 | CVE-2019-19636 | #106 | bf46a7b | resolved | v1.8.3 | |
#105 | CVE-2019-19637 | #106 | 1377517 | resolved | v1.8.3 | |
#107 | - | - | 1d35033 | resolved | v1.8.4 | |
#108 | (CVE-2019-19638) | (#106) | (e17c076) | resolved | v1.8.3 | *same as #102 |
#109 | CVE-2019-19777 | (#93) | (d6e34fc) | resolved | v1.8.3 | *same as #80 |
#110 | CVE-2019-19778 | (#95) | (614e761) | resolved | v1.8.3 | *same as #82 |
#111 | - | (#106) | (1377517) | resolved | v1.8.3 | *same as #105 |
#113 | - | (#93) | (aac1df6) | resolved | v1.8.3 | *same as #80 |
#114 | - | - | (9d0a7ff) | resolved | v1.8.4 | *same as #116 |
#116 | - | - | 9d0a7ff | resolved | v1.8.4 | |
#117 | CVE-2019-20023 | - | b9a4175 | resolved | v1.8.5 | |
#118 | - | - | 6367d2f | resolved | v1.8.4 | |
#119 | (CVE-2019-20023) | - | b9a4175 | resolved | 1.8.5 | *same as #117 |
#120 | (CVE-2019-20023) | - | b9a4175 | resolved | 1.8.5 | *same as #117 |
#121 | - | (6367d2f) | resolved | v1.8.4 | *same as #118 | |
#122 | - | 598c8c8 | resolved | v1.8.5 | ||
#123 | - | (0b1e0b3) | resolved | v1.8.5 | *same as #74 | |
#124 | - | c1ef812 | resolved | v1.8.5 | ||
#125 | CVE-2019-20094 | a18b378 | resolved | v1.8.5 | ||
#126 | CVE-2019-20096 | 814f831 | resolved | v1.8.5 | ||
#127 | CVE-2019-20095 | 5543354 | resolved | v1.8.5 |
Published by saitoha almost 5 years ago
Security fix for CVE-2019-11024 (#85), recursive loop problem,
reported by @Loginsoft-Research.
Security fix for #73, illegal memory access problem,
reported by @HongxuChen.
Security fix for #89, core dumped issue,
reported by @niugx.
Security fix for #107, large memory allocation problem,
reported by @cuanduo.
Security fix for #114, heap-buffer-overflow problem,
reported by @SuhwanSong.
Security fix for #116, heap-buffer-overflow problem,
reported by @SuhwanSong.
Security fix for #118, heap-buffer-overflow problem,
reported by @SuhwanSong.
Security fix for #121, heap-buffer-overflow problem,
reported by @gutiniao
For more details, see below summary of vulnerabilities.
No. | assigned CVE | PR | patch | status | fixed on | comment |
---|---|---|---|---|---|---|
#67 | CVE-2018-14072 CVE-2018-14073 | - | f94bc6f 84ed0bc | resolved | v1.8.2 | |
#68 | - | - | 6a19d99 94a647c | resolved | v1.8.2 | |
#69 | - | - | 0d70e04 | resolved | v1.8.2 | |
#70 | - | - | 438188c | resolved | v1.8.2 | |
#71 | - | - | 01c0bad ba21bb9 | resolved | v1.8.2 | |
#72 | - | - | 570d6ae | released | v1.8.3 | |
#73 | - | - | cb373ab 26ac06f | resolved | v1.8.4 | |
#74 | - | - | - | not resolved | - | |
#75 | - | - | 7808a06 | resolved | v1.8.3 | |
#76 | - | - | e3a4c0e 3c071b9 d7b2600 197d025 | partially resolved | partially fixed on v1.8.3 | |
#77 | CVE-2018-19759 | #98 | 5f64fb1 | resolved | v1.8.3 | |
#78 | CVE-2018-19761 | (#106) | (1377517) | resolved | v1.8.3 | *same as #105 |
#79 | CVE-2018-19757 | #91 #94 | e903c93 a53c872 | resolved | v1.8.3 | |
#80 | CVE-2018-19756 | #93 | d6e34fc | resolved | v1.8.3 | |
#81 | CVE-2018-19762 | #92 | 9861272 | resolved | v1.8.3 | |
#82 | CVE-2018-19763 | #95 | 614e761 | resolved | v1.8.3 | |
#83 | CVE-2019-3573 CVE-2019-3574 | #99 | 9c013f2 68ecbc1 | resolved | v1.8.3 | |
#85 | CVE-2019-11024 | - | b418f35 | resolved | v1.8.4 | |
#88 | - | - | 7808a06 | resolved | v1.8.3 | |
#89 | - | - | a516125 | resolved | v1.8.4 | |
#90 | - | - | (1377517) | resolved | v1.8.3 | *same as #105 |
#97 | - | - | (1377517) | resolved | v1.8.3 | *same as #105 |
#102 | CVE-2019-19638 | #106 | e17c076 | resolved | v1.8.3 | |
#103 | CVE-2019-19635 | #106 | 1377517 | resolved | v1.8.3 | |
#104 | CVE-2019-19636 | #106 | bf46a7b | resolved | v1.8.3 | |
#105 | CVE-2019-19637 | #106 | 1377517 | resolved | v1.8.3 | |
#107 | - | - | 1d35033 | resolved | v1.8.4 | |
#108 | (CVE-2019-19638) | (#106) | (e17c076) | resolved | v1.8.3 | *same as #102 |
#109 | CVE-2019-19777 | (#93) | (d6e34fc) | resolved | v1.8.3 | *same as #80 |
#110 | CVE-2019-19778 | (#95) | (614e761) | resolved | v1.8.3 | *same as #82 |
#111 | - | (#106) | (1377517) | resolved | v1.8.3 | *same as #105 |
#113 | - | (#93) | (aac1df6) | resolved | v1.8.3 | *same as #80 |
#114 | - | - | (9d0a7ff) | resolved | v1.8.4 | *same as #116 |
#116 | - | - | 9d0a7ff | resolved | v1.8.4 | |
#117 | - | - | b9a4175 | patched | - | |
#118 | - | - | 6367d2f | resolved | v1.8.4 | |
#119 | - | - | b9a4175 | patched | - | *same as #117 |
#120 | - | - | b9a4175 | patched | - | *same as #117 |
#121 | - | (6367d2f) | resolved | v1.8.4 | *same as |
Published by saitoha almost 5 years ago
Security fix for CVE-2018-19757 (#79), NULL pointer dereference problem,
reported by @nluedtke and fixed by @knok (#91, #94).
Security fix for CVE-2018-19762 (#81), heap-based buffer overflow problem,
reported by @nluedtke and fixed by @knok (#92).
Security fix for CVE-2018-19756 (#80), heap-based buffer over-read problem,
reported by @nluedtke and fixed by @knok (#93).
Security fix for CVE-2018-19763 (#82, reported by @nluedtke) and CVE-2019-19778 (#110, reported by @SuhwanSong),
heap-based buffer over-read problem, fixed by @knok (#95).
Security fix for CVE-2018-19761, illegal address access, fixed by @knok (#96).
Security fix for CVE-2018-19759, heap-based buffer over-read problem, fixed by @knok (#98).
Security fix for CVE-2019-3753 (#83), infinite loop problem,
reported by @cool-tomato and fixed by @knok (#99).
Security fix for CVE-2018-19759 (#102),
heap-based buffer over-read that will cause a denial of service.
reported and fixed by @YourButterfly. (#106)
Security fix for CVE-2019-19635 (#103), heap-based buffer overflow,
reported and fixed by @YourButterfly. (#106)
Security fix for CVE-2019-19636 (#104) and CVE-2019-19637 (#105), integer overflow problem.
reported and fixed by @YourButterfly. (#106)
gif loader: check LZW code size (Issue #75), Thanks to @HongxuChen.
https://github.com/saitoha/libsixel/commit/7808a06b88c11dbc502318cdd51fa374f8cd47ee
core: Fix a global-buffer-overflow problem (Issue #72), Thanks to @fgeek.
https://github.com/saitoha/libsixel/commit/c868b59ec89bdb24c42a0de89e5319a989076c66
core: Fix unexpected hangs/performance issues (Issue #76), Thanks to @HongxuChen.
https://github.com/saitoha/libsixel/commit/88561b7a810017b91d26b6273323dde4b6f9b273
https://github.com/saitoha/libsixel/commit/2d3d9ffe8ab886b7bc670fd896d63c628436cc66
https://github.com/saitoha/libsixel/commit/c9363cd1d5929e1d721af9f09633061dfa8152fe
Published by saitoha about 6 years ago
This release provides some security updates.
core: Fix memory leak problems(#67, CVE-2018-14072, CVE-2018-14073), thanks to @fCorleone.
https://github.com/saitoha/libsixel/commit/f94bc6fec696abd77be275226f28409602bd1f27
https://github.com/saitoha/libsixel/commit/84ed0bc35e273ebd0a7fbc9d8f8669f7cf5f5612
core: Fix some heap buffer-overflow problems(#68, #69, #70, #71), thanks to @fgeek.
https://github.com/saitoha/libsixel/commit/6a19d99f95dafbbb50facf9267497afbcfba5731
https://github.com/saitoha/libsixel/commit/0d70e046437370c86696f2ed38ac0413855d98ce
https://github.com/saitoha/libsixel/commit/438188c1f8b418a38674364cf5c126ef3ed4166a
https://github.com/saitoha/libsixel/commit/ba21bb94d68f8bf7dc590400a707753f5d5c4709
man: Fix a typo (#66), thanks to @tsutsui.
https://github.com/saitoha/libsixel/commit/cf4728159c6493b64ac7bf187290698ca97cce82
Published by saitoha over 6 years ago
v1.8.1 includes an important bug fix.
https://github.com/saitoha/libsixel/commit/600f122afe120db611d1eebdd596b5418776fe57
Published by saitoha over 6 years ago
------------------------------
What's new in libsixel-1.8 ?
------------------------------
core: Upgrade stb_image to 2.19.
core: Introduce new dithering method, a_dither / x_dither (http://pippin.gimp.org/a_dither/).
Thanks to @hodefoting.
https://github.com/saitoha/libsixel/pull/53
core: Fix wrong HLS color handling.
https://github.com/saitoha/libsixel/commit/0fb35d22e7ba4ed8bce3be42791e6b39c3187b89
core: Improve quality of 15bpp(hi-color mode) dither.
https://github.com/saitoha/libsixel/commit/42f34283defea67c2d6294af4bd7dcb4fdf9f046
img2sixel: Allow a deferred clear code in a GIF format
GIF decoder must do nothing when the table is full.
See Section "DEFERRED CLEAR CODE IN LZW COMPRESSION" in
https://www.w3.org/Graphics/GIF/spec-gif89a.txt.
Thanks to @mame.
https://github.com/saitoha/libsixel/pull/63
img2sixel: Marks -D option (read source images from stdin continuously) as deprecated
https://github.com/saitoha/libsixel/commit/9c8ffa62203899d866fc28e3ab7c6dfd9a0019b1
Some bug fixes and minor improvements.
Thanks to @set135, @ttdoda.
Announcement for package maintainers:
Immutable tarball is provided, because GitHub auto-generated tarball may be not immutable.
https://github.com/saitoha/libsixel/releases/download/v1.8.0/libsixel-1.8.0.tar.gz
For details, see https://github.com/saitoha/libsixel/issues/64 .
We additionally provide immutable tarball:
https://github.com/saitoha/libsixel/releases/download/v1.7.3/libsixel-1.7.3.tar.gz
According to Issue #64, GitHub auto-generated tarball(https://github.com/saitoha/libsixel/archive/v1.7.3.tar.gz) may be not immutable.