libsixel - Debian Package Tracker

general

source: libsixel (main)
version: 1:1.8.7-3
maintainer: NOKUBI Takatsugu (DMD)
arch: any
std-ver: 4.1.5
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 1.8.6-2
oldstable: 1.10.3-3
stable: 1.10.5-1
testing: 1.10.5-1
unstable: 1:1.8.7-3

versioned links

1.8.6-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.10.3-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.10.5-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:1.8.7-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libsixel-bin
libsixel-dev (1 bugs: 0, 1, 0, 0)
libsixel1

action needed

Debci reports failed tests high

unstable: fail (log)
The tests ran in 0:00:30
Last run: 2026-03-19T07:56:51.000Z
Previous status: unknown

testing: pass (log)
The tests ran in 0:00:25
Last run: 2026-03-19T22:24:38.000Z
Previous status: unknown

stable: pass (log)
The tests ran in 0:00:31
Last run: 2025-11-09T19:07:32.000Z
Previous status: unknown

Created: 2026-03-14 Last update: 2026-03-20 13:00

Problems while searching for a new upstream version high

uscan had problems while searching for a new upstream version:

In debian/watch no matching files for watch source
  https://github.com/libsixel/libsixel/releases

Created: 2026-03-19 Last update: 2026-03-20 08:30

2 security issues in sid high

There are 2 open security issues in sid.

2 important issues:

CVE-2021-46700: In libsixel 1.8.6, sixel_encoder_output_without_macro (called from sixel_encoder_encode_frame in encoder.c) has a double free.
CVE-2025-61146: saitoha libsixel until v1.8.7 was discovered to contain a memory leak via the component malloc_stub.c.

Created: 2022-07-04 Last update: 2026-03-19 04:00

5 security issues in forky high

There are 5 open security issues in forky.

5 important issues:

CVE-2025-9300: A vulnerability was found in saitoha libsixel up to 1.10.3. Affected by this issue is the function sixel_debug_print_palette of the file src/encoder.c of the component img2sixel. The manipulation results in stack-based buffer overflow. The attack must be initiated from a local position. The exploit has been made public and could be used. The patch is identified as 316c086e79d66b62c0c4bc66229ee894e4fdb7d1. Applying a patch is advised to resolve this issue.
CVE-2021-46700: In libsixel 1.8.6, sixel_encoder_output_without_macro (called from sixel_encoder_encode_frame in encoder.c) has a double free.
CVE-2022-29977: There is an assertion failure error in stbi__jpeg_huff_decode, stb_image.h:1894 in libsixel img2sixel 1.8.6. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted JPEG file.
CVE-2022-29978: There is a floating point exception error in sixel_encoder_do_resize, encoder.c:633 in libsixel img2sixel 1.8.6. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted JPEG file.
CVE-2025-61146: saitoha libsixel until v1.8.7 was discovered to contain a memory leak via the component malloc_stub.c.

Created: 2025-08-09 Last update: 2026-03-19 04:00

The VCS repository is not up to date, push the missing commits. high

vcswatch reports that the current version of the package is not in its VCS.
Either you need to push your commits and/or your tags, or the information about the package's VCS are out of date. A common cause of the latter issue when using the Git VCS is not specifying the correct branch when the packaging is not in the default one (remote HEAD branch), which is usually "master" but can be modified in salsa.debian.org in the project's general settings with the "Default Branch" field). Alternatively the Vcs-Git field in debian/control can contain a "-b <branch-name>" suffix to indicate what branch is used for the Debian packaging.

Created: 2026-03-12 Last update: 2026-03-19 03:33

lintian reports 8 warnings normal

Lintian reports 8 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2026-03-19 Last update: 2026-03-19 12:31

5 low-priority security issues in trixie low

There are 5 open security issues in trixie.

5 issues left for the package maintainer to handle:

CVE-2025-9300: (needs triaging) A vulnerability was found in saitoha libsixel up to 1.10.3. Affected by this issue is the function sixel_debug_print_palette of the file src/encoder.c of the component img2sixel. The manipulation results in stack-based buffer overflow. The attack must be initiated from a local position. The exploit has been made public and could be used. The patch is identified as 316c086e79d66b62c0c4bc66229ee894e4fdb7d1. Applying a patch is advised to resolve this issue.
CVE-2021-46700: (postponed; to be fixed through a stable update) In libsixel 1.8.6, sixel_encoder_output_without_macro (called from sixel_encoder_encode_frame in encoder.c) has a double free.
CVE-2022-29977: (postponed; to be fixed through a stable update) There is an assertion failure error in stbi__jpeg_huff_decode, stb_image.h:1894 in libsixel img2sixel 1.8.6. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted JPEG file.
CVE-2022-29978: (postponed; to be fixed through a stable update) There is a floating point exception error in sixel_encoder_do_resize, encoder.c:633 in libsixel img2sixel 1.8.6. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted JPEG file.
CVE-2025-61146: (needs triaging) saitoha libsixel until v1.8.7 was discovered to contain a memory leak via the component malloc_stub.c.

You can find information about how to handle these issues in the security team's documentation.

Created: 2023-06-11 Last update: 2026-03-19 04:00

6 low-priority security issues in bookworm low

There are 6 open security issues in bookworm.

5 issues left for the package maintainer to handle:

CVE-2025-9300: (needs triaging) A vulnerability was found in saitoha libsixel up to 1.10.3. Affected by this issue is the function sixel_debug_print_palette of the file src/encoder.c of the component img2sixel. The manipulation results in stack-based buffer overflow. The attack must be initiated from a local position. The exploit has been made public and could be used. The patch is identified as 316c086e79d66b62c0c4bc66229ee894e4fdb7d1. Applying a patch is advised to resolve this issue.
CVE-2021-46700: (needs triaging) In libsixel 1.8.6, sixel_encoder_output_without_macro (called from sixel_encoder_encode_frame in encoder.c) has a double free.
CVE-2022-29977: (postponed; to be fixed through a stable update) There is an assertion failure error in stbi__jpeg_huff_decode, stb_image.h:1894 in libsixel img2sixel 1.8.6. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted JPEG file.
CVE-2022-29978: (postponed; to be fixed through a stable update) There is a floating point exception error in sixel_encoder_do_resize, encoder.c:633 in libsixel img2sixel 1.8.6. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted JPEG file.
CVE-2025-61146: (needs triaging) saitoha libsixel until v1.8.7 was discovered to contain a memory leak via the component malloc_stub.c.

You can find information about how to handle these issues in the security team's documentation.

1 ignored issue:

CVE-2021-45340: In Libsixel prior to and including v1.10.3, a NULL pointer dereference in the stb_image.h component of libsixel allows attackers to cause a denial of service (DOS) via a crafted PICT file.

Created: 2023-06-10 Last update: 2026-03-19 04:00

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.7.3 instead of 4.1.5).

Created: 2018-08-20 Last update: 2026-03-19 07:00

testing migrations

excuses:
- Migration status for libsixel (1.10.5-1 to 1:1.8.7-3): BLOCKED: Rejected/violates migration policy/introduces a regression
- Issues preventing migration:
- ∙ ∙ Autopkgtest for libsixel/1:1.8.7-3: amd64: Regression ♻ (reference ♻), arm64: Regression ♻ (reference ♻), i386: Regression ♻ (reference ♻), ppc64el: Reference test triggered, but real test failed already ♻, riscv64: Regression ♻ (reference ♻), s390x: Regression ♻ (reference ♻)
- ∙ ∙ Too young, only 1 of 5 days old
- Additional info (not blocking):
- ∙ ∙ Piuparts tested OK - https://piuparts.debian.org/sid/source/libs/libsixel.html
- ∙ ∙ Reproduced on amd64
- ∙ ∙ Reproduced on arm64
- ∙ ∙ Reproduced on armhf
- ∙ ∙ Reproducibility check waiting for results on i386
- ∙ ∙ Reproducibility check waiting for results on ppc64el
- Not considered

news

[rss feed]

[2026-03-18] Accepted libsixel 1:1.8.7-3 (source) into unstable (NOKUBI Takatsugu)
[2026-03-18] Accepted libsixel 1:1.8.7-2 (source) into unstable (NOKUBI Takatsugu)
[2026-03-12] Accepted libsixel 1:1.8.7-1 (source amd64) into unstable (NOKUBI Takatsugu)
[2025-01-15] libsixel 1.10.5-1 MIGRATED to testing (Debian testing watch)
[2025-01-13] Accepted libsixel 1.10.5-1 (source) into unstable (NOKUBI Takatsugu)
[2022-01-16] libsixel 1.10.3-3 MIGRATED to testing (Debian testing watch)
[2022-01-13] Accepted libsixel 1.10.3-3 (source) into unstable (NOKUBI Takatsugu)
[2022-01-13] Accepted libsixel 1.10.3-2 (source) into unstable (NOKUBI Takatsugu)
[2022-01-12] Accepted libsixel 1.10.3-1 (source) into unstable (NOKUBI Takatsugu)
[2020-05-09] libsixel 1.8.6-2 MIGRATED to testing (Debian testing watch)
[2020-05-07] Accepted libsixel 1.8.6-2 (source) into unstable (NOKUBI Takatsugu)
[2020-03-10] libsixel 1.8.6-1 MIGRATED to testing (Debian testing watch)
[2020-03-05] Accepted libsixel 1.8.6-1 (source) into unstable (NOKUBI Takatsugu)
[2019-12-03] Accepted libsixel 1.5.2-2+deb9u1 (source) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates (NOKUBI Takatsugu)
[2019-11-09] Accepted libsixel 1.8.2-1+deb10u1 (source) into proposed-updates->stable-new, proposed-updates (NOKUBI Takatsugu)
[2019-09-23] libsixel 1.8.2-2.1 MIGRATED to testing (Debian testing watch)
[2019-09-20] Accepted libsixel 1.8.2-2.1 (source) into unstable (Boyuan Yang)
[2019-09-09] Accepted libsixel 1.8.2-2 (source amd64 all) into unstable (NOKUBI Takatsugu)
[2018-07-28] libsixel 1.8.2-1 MIGRATED to testing (Debian testing watch)
[2018-07-23] Accepted libsixel 1.8.2-1 (source amd64 all) into unstable (NOKUBI Takatsugu)
[2018-07-16] libsixel 1.8.1-1 MIGRATED to testing (Debian testing watch)
[2018-07-11] Accepted libsixel 1.8.1-1 (source amd64 all) into unstable (NOKUBI Takatsugu)
[2017-09-02] libsixel 1.7.3-1 MIGRATED to testing (Debian testing watch)
[2017-08-28] Accepted libsixel 1.7.3-1 (source amd64 all) into unstable, unstable (NOKUBI Takatsugu)
[2015-09-09] libsixel 1.5.2-2 MIGRATED to testing (Britney)
[2015-09-04] Accepted libsixel 1.5.2-2 (source i386) into unstable (NOKUBI Takatsugu)
[2015-09-01] Accepted libsixel 1.5.2-1 (source i386) into unstable (NOKUBI Takatsugu)
[2015-04-27] libsixel 1.4.2-1 MIGRATED to testing (Britney)
[2014-12-09] Accepted libsixel 1.4.2-1 (source i386) into unstable (NOKUBI Takatsugu)
[2014-12-09] Accepted libsixel 1.1.2-2 (source i386) into unstable (NOKUBI Takatsugu)

bugs [bug history graph]

all: 6
RC: 0
I&N: 5
M&W: 1
F&P: 0
patch: 0

links

homepage
lintian (0, 8)
buildd: logs, reproducibility, cross
popcon
browse source code
edit tags
other distros
security tracker
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 1.10.5-1build1