A heap-based buffer overflow exists in image_buffer_resize in fromsixel.c in libsixel prior to 1.8.4.
libsixel project libsixel