We are releasing a minor update in response to security advisories. Thank you to everyone who reported the issues.
📢 What's New in libsixel-1.9.7-r2
- Additional fix for #222, packed byte-size validation in
  sixel_encoder_encode_bytes() and Python bindings.
  Thanks to @xyzzy42
- tests: add C and Python regression coverage for #222 packed
  encode_bytes() paths.
- Security fix for GHSA-hx93-w8p2-ffh5, integer overflow in high-color
  encoder allocation that can lead to out-of-bounds memory access.
  Based on a patch provided by @curious-rabbit.
- Security fix for GHSA-9jm7-77gr-qghv, integer overflow in SIXEL parser
  repeat/count handling that can lead to out-of-bounds write.
  Based on a patch provided by @curious-rabbit.
- Security fix for GHSA-wpx3-h5g8-qr3w, NULL pointer dereference when
  palette allocation fails during SIXEL decode.
  Based on a patch provided by @curious-rabbit.
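For readers unfamiliar with the bug class behind GHSA-9jm7-77gr-qghv, the sketch below shows overflow-safe handling of a SIXEL repeat introducer (`!` followed by a decimal count and one sixel byte). It is an added example, not libsixel's code or the shipped patch; `REPEAT_MAX`, `parse_repeat_count()` and `put_repeat()` are hypothetical names, and the single fixed-width row is a simplifying assumption.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical cap on one repeat count; not a libsixel constant. */
#define REPEAT_MAX 65535

/* Parse the decimal digits that follow '!' without letting the accumulator
 * wrap. Returns the number of digit bytes consumed; *count saturates. */
size_t parse_repeat_count(const unsigned char *p, size_t len, int *count)
{
    size_t i = 0;
    int n = 0;

    while (i < len && p[i] >= '0' && p[i] <= '9') {
        int d = p[i] - '0';
        if (n > (REPEAT_MAX - d) / 10)
            n = REPEAT_MAX;      /* n * 10 + d would exceed the cap */
        else
            n = n * 10 + d;
        i++;
    }
    *count = (n == 0) ? 1 : n;   /* this sketch treats 0 or no digits as 1 */
    return i;
}

/* Write up to `count` pixels of `color` into a row of `width` pixels at *x,
 * clamped to the space left in the row. Returns pixels written. */
size_t put_repeat(unsigned char *row, size_t width, size_t *x,
                  int count, unsigned char color)
{
    size_t room, n;

    if (count <= 0 || *x >= width)
        return 0;
    room = width - *x;           /* cannot underflow: *x < width */
    n = (size_t)count < room ? (size_t)count : room;
    memset(row + *x, color, n);
    *x += n;
    return n;
}

int main(void)
{
    /* Constructed input: the digits and sixel byte that follow a '!'. */
    const unsigned char in[] = "4294967297~";
    unsigned char row[16] = {0};
    size_t x = 10, used, wrote;
    int count;

    used = parse_repeat_count(in, sizeof in - 1, &count);
    wrote = put_repeat(row, sizeof row, &x, count, 1);
    printf("digits=%zu count=%d wrote=%zu x=%zu\n", used, count, wrote, x);
    return 0;
}
```

The constructed count is 2^32 + 1, a value that would wrap to 1 in an unchecked 32-bit accumulator; here it saturates and the write is bounded by the space left in the row.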