CVE-2025-61146

4.0 MEDIUM

📋 TL;DR

CVE-2025-61146 is a memory leak vulnerability in the malloc_stub.c component of saitoha libsixel. An attacker who can repeatedly drive a vulnerable application down the leaking code path causes gradual memory exhaustion in that application, potentially leading to denial of service. Affected users include anyone using libsixel for SIXEL graphics processing in their applications.

💻 Affected Systems

Products:
  • saitoha libsixel
Versions: All versions up to and including v1.8.7 (fixed in v1.8.8)
Operating Systems: All platforms where libsixel is used
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects applications that use libsixel's SIXEL graphics processing functionality.

📦 What is this software?

libsixel is a C library, shipped with command-line tools such as img2sixel, for encoding images into and decoding images from the DEC SIXEL terminal graphics format. Applications and terminal tools link it to render bitmap images inside SIXEL-capable terminals.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Sustained exploitation could lead to complete memory exhaustion, causing application crashes or system instability in memory-constrained environments.

🟠 Likely Case

Gradual memory consumption over time leading to degraded application performance and potential crashes during extended usage.

🟢 If Mitigated

Minimal impact with proper memory monitoring and restart policies in place.

🌐 Internet-Facing: LOW - Requires specific conditions and repeated exploitation to cause significant impact.
🏢 Internal Only: LOW - Memory leak requires repeated triggering and would be noticeable through monitoring.

🎯 Exploit Status

Public PoC: No
Weaponized: No
Unauthenticated Exploit: No
Complexity: MEDIUM

Exploitation requires specific conditions to trigger the memory leak repeatedly. No known weaponized exploits exist.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v1.8.8 and later

Vendor Advisory: https://github.com/saitoha/libsixel/commit/e0ba6685262a3679cc5b9009c0c5b7dc8a3f262e

Restart Required: Yes

Instructions:

1. Update libsixel to version 1.8.8 or later.
2. Recompile any applications that link libsixel statically.
3. Restart affected services so that the updated shared library is loaded.

🔧 Temporary Workarounds

Memory monitoring and restart (applies to: all platforms)

Implement memory usage monitoring and automatic restart policies for applications using libsixel.

🧯 If You Can't Patch

  • Implement strict memory usage limits and automatic restart policies for affected applications
  • Monitor system memory usage and restart services when memory consumption exceeds thresholds
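The restart-on-threshold policy above, written out as an added example (this is not code from the libsixel project or from the advisory). It reads the resident set size of a Linux process from /proc/PID/status, compares it against a limit in megabytes, and runs a caller-supplied restart command when the limit is crossed. The service name used in the usage line is hypothetical.

```shell
#!/bin/sh
# Added example: memory watchdog for a long-running process that links libsixel.
# Assumes Linux (/proc/<pid>/status with a "VmRSS:" line); not libsixel project code.

# rss_kb_from_status FILE: print the VmRSS value (kB) from a /proc/<pid>/status
# style file, or 0 if the line is absent (e.g. process gone, non-Linux host).
rss_kb_from_status() {
    _rss=$(awk '$1 == "VmRSS:" { print $2; exit }' "$1" 2>/dev/null)
    printf '%s\n' "${_rss:-0}"
}

# rss_over_limit RSS_KB LIMIT_MB: succeed (exit 0) if RSS_KB is strictly
# greater than LIMIT_MB expressed in kB. A process sitting exactly at the
# limit is not restarted.
rss_over_limit() {
    [ "$1" -gt $(( $2 * 1024 )) ]
}

# watch_pid PID LIMIT_MB INTERVAL_SEC RESTART_CMD: poll the process until it
# either exceeds the limit (run RESTART_CMD, return 0) or exits on its own
# (return 1). A leak shows up as RSS that only ever grows between polls, so a
# single threshold is enough here; log each poll if you also want the trend.
watch_pid() {
    _pid=$1; _limit=$2; _interval=$3; _restart=$4
    while kill -0 "$_pid" 2>/dev/null; do
        _rss=$(rss_kb_from_status "/proc/$_pid/status")
        if rss_over_limit "$_rss" "$_limit"; then
            echo "pid $_pid: RSS ${_rss} kB exceeds ${_limit} MB, restarting" >&2
            sh -c "$_restart"
            return 0
        fi
        sleep "$_interval"
    done
    echo "pid $_pid exited before reaching the ${_limit} MB limit" >&2
    return 1
}

# Usage (hypothetical unit name): restart when the renderer passes 512 MB RSS.
#   watch_pid "$(systemctl show -p MainPID --value sixel-render.service)" \
#             512 30 'systemctl restart sixel-render.service'
```

Pick the limit from the process's steady-state RSS under normal load plus headroom, not from total system memory, so the watchdog fires on the slow growth characteristic of a leak rather than on a one-off large image.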

🔍 How to Verify

Check if Vulnerable:

Check libsixel version with 'libsixel-config --version' or examine package manager output

Check Version:

libsixel-config --version || pkg-config --modversion libsixel

Verify Fix Applied:

Confirm the reported version is 1.8.8 or later, confirm that the libsixel shared object actually loaded by your application (for example via ldd on the binary) is the updated copy rather than a stale one, and exercise SIXEL encoding and decoding to confirm the application still works.
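The version check above as a runnable script, added here as an example (not code from the libsixel project). It uses the two version sources the page names, libsixel-config and pkg-config, and compares the result against 1.8.8 field by field as integers, because a plain string comparison would wrongly report 1.8.10 or 1.10.0 as older than 1.8.8. Pre-release suffixes such as "rc1" are ignored for comparison purposes.

```shell
#!/bin/sh
# Added example: is the installed libsixel at or past the CVE-2025-61146 fix?
# Not libsixel project code. Assumes the first fixed release is 1.8.8 (per this page).

FIXED_VERSION="1.8.8"

# ver_ge A B: succeed (exit 0) if dotted version A >= B, comparing each
# numeric field as an integer. Missing fields count as 0, so 1.8 < 1.8.8.
ver_ge() {
    _a=$1; _b=$2
    while [ -n "$_a" ] || [ -n "$_b" ]; do
        _ah=${_a%%.*}; _bh=${_b%%.*}
        if [ "$_a" = "$_ah" ]; then _a=""; else _a=${_a#*.}; fi
        if [ "$_b" = "$_bh" ]; then _b=""; else _b=${_b#*.}; fi
        # drop any non-numeric suffix ("8rc1" -> "8") so the arithmetic test is valid
        _ah=${_ah%%[!0-9]*}; _bh=${_bh%%[!0-9]*}
        _ah=${_ah:-0}; _bh=${_bh:-0}
        if [ "$_ah" -gt "$_bh" ]; then return 0; fi
        if [ "$_ah" -lt "$_bh" ]; then return 1; fi
    done
    return 0
}

# libsixel_is_fixed VERSION: succeed if VERSION carries the fix.
libsixel_is_fixed() {
    ver_ge "$1" "$FIXED_VERSION"
}

# installed_libsixel_version: print the version the installed library reports,
# via libsixel-config first and pkg-config second; print nothing if neither works.
installed_libsixel_version() {
    libsixel-config --version 2>/dev/null || pkg-config --modversion libsixel 2>/dev/null
}

# check_installed: exit 0 if fixed, 1 if vulnerable, 2 if the version is unknown.
check_installed() {
    _v=$(installed_libsixel_version)
    if [ -z "$_v" ]; then
        echo "libsixel: version unknown (neither libsixel-config nor pkg-config found it)"
        return 2
    fi
    if libsixel_is_fixed "$_v"; then
        echo "libsixel $_v: fixed (>= $FIXED_VERSION)"
        return 0
    fi
    echo "libsixel $_v: VULNERABLE to CVE-2025-61146 (< $FIXED_VERSION)"
    return 1
}

# Run the live check only when invoked as: sh check-libsixel.sh --check
if [ "${1:-}" = "--check" ]; then
    check_installed
fi
```

Distribution packages sometimes report the upstream version without backported-fix information, so treat a "vulnerable" result from this script as a prompt to check your distribution's changelog for the commit referenced above before declaring the host unpatched.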

📡 Detection & Monitoring

Log Indicators:

  • Unusual memory growth patterns in application logs
  • Application crashes with out-of-memory errors

Network Indicators:

  • None specific - this is a local memory issue

SIEM Query:

No vendor-supplied query exists for this issue. Alert on sustained resident memory growth (a rising trend across many samples, not a single spike) in processes that have libsixel loaded, for example processes whose memory maps include the libsixel shared object, and correlate with out-of-memory kills or restarts of those services.
