Fabre

#1124956 libstb: CVE-2021-45340 #1124956

Package:: src:libstb

Source:: src:libstb

Submitter:: Salvatore Bonaccorso

Date:: 2026-01-07 19:41:03 UTC

Severity:: normal

Tags:

#1124956#5

Date:: 2026-01-07 19:39:08 UTC

From:

To:

Hi,

The following vulnerability was published for libstb.

CVE-2021-45340[0]:
| In Libsixel prior to and including v1.10.3, a NULL pointer
| dereference in the stb_image.h component of libsixel allows
| attackers to cause a denial of service (DOS) via a crafted PICT
| file.

The CVE while specifically assigned to libsixed is in the bundled
libstb, so we track this CVE as well for src:libstb. The patch in
libstb itself is missing.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-45340
https://www.cve.org/CVERecord?id=CVE-2021-45340
[1] https://github.com/saitoha/libsixel/commit/1c58a6ea708b6fa793ffb5a10798ccfea36e8eed

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

#1124956 libstb: CVE-2021-45340 #1124956

Just Reply to ...

Reply to submitter ...

Send control command (Silently)

Set Architecture Tags (Silently)