What is CVE-2026-44638?

CVE-2026-44638 is a low-severity vulnerability in Saitoha Libsixel, classified under NULL Pointer Dereference. CVSS score: 2.5/10. Published 2026-05-14.

How severe is CVE-2026-44638?

Low severity. CVSS v3 base score is 2.5 out of 10.

NULL pointer dereference in Saitoha Libsixel

CVE-2026-44638

libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. From to 1.8.7-r1, a wrong NULL check after an allocation call in sixel_decode_raw and sixel_decode causes a NULL pointer dereference whenever the allocation fa…

EPSS: 0.000 (4.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 2.5 (Low). Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L.

Affected products

Saitoha Libsixel — versions >= 1.0.0, < 1.8.7-r2

Weakness classification (CWE)

CWE-476 — NULL Pointer Dereference
CWE-690

References

security-advisories@github.com (x_refsource_CONFIRM, Exploit, Vendor Advisory)

Frequently asked questions

What is CVE-2026-44638?: CVE-2026-44638 is a low-severity vulnerability in Saitoha Libsixel, classified under NULL Pointer Dereference. CVSS score: 2.5/10. Published 2026-05-14.
How severe is CVE-2026-44638?: Low severity. CVSS v3 base score is 2.5 out of 10.