CVE-2026-27168
Received Received - Intake
Heap-Based Buffer Overflow in SAIL XWD Image Parser

Publication date: 2026-02-21

Last updated on: 2026-03-02

Assigner: GitHub, Inc.

Description
SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. All versions are vulnerable to Heap-based Buffer Overflow through the XWD parser's use of the bytes_per_line value. The value os read directly from the file as the read size in io->strict_read(), and is never compared to the actual size of the destination buffer. An attacker can provide an XWD file with an arbitrarily large bytes_per_line, causing a massive write operation beyond the buffer heap allocated for the image pixels. The issue did not have a fix at the time of publication.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-21
Last Modified
2026-03-02
Generated
2026-06-16
AI Q&A
2026-02-21
EPSS Evaluated
2026-06-15
NVD
CVE-2026-27168
EUVD
EUVD-2026-7747
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
sail sail to 0.9.10 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-122 A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-27168 is a heap-based buffer overflow vulnerability in the Sail-codecs-xwd package, specifically in the XWD image parser. The vulnerability occurs because the parser reads the bytes_per_line value directly from the XWD file header and uses it as the size parameter in a read operation without validating it against the actual size of the destination buffer.

An attacker can craft a malicious XWD file with an arbitrarily large bytes_per_line value, causing the read operation to write beyond the allocated heap buffer for image pixels. This leads to heap memory corruption, which can be exploited to execute arbitrary code.

The vulnerability requires no privileges or user interaction and can be exploited by an adjacent attacker. It is classified under CWE-122 (Heap-based Buffer Overflow) and has a high severity score (CVSS 8.8).

Impact Analysis

This vulnerability can have severe impacts including corruption of heap memory and potential arbitrary code execution. An attacker exploiting this flaw can gain control over the execution flow of the affected application.

Because the vulnerability requires no privileges or user interaction and can be exploited by an adjacent attacker, it poses a significant security risk.

The impact affects confidentiality, integrity, and availability of the system, all rated as high in the CVSS assessment.

Compliance Impact

I don't know

Detection Guidance

This vulnerability can be detected by using a proof-of-concept (PoC) exploit that generates a malicious XWD file with an abnormally large bytes_per_line value (e.g., 60000) to trigger the heap buffer overflow.

When running the vulnerable Sail library compiled with AddressSanitizer (ASAN), the heap-buffer-overflow error will be detected during the read operation of the XWD file.

To detect the vulnerability on your system, you can:

  • Compile the Sail library with AddressSanitizer enabled.
  • Use the provided PoC Python script to generate a malicious XWD file with a large bytes_per_line value.
  • Run the vulnerable application or test code to load the malicious XWD file and observe if ASAN reports a heap-buffer-overflow.

No specific network detection commands are provided, but monitoring for crashes or memory errors when processing XWD files can indicate exploitation attempts.

Mitigation Strategies

Since there is no fix available at the time of publication, immediate mitigation steps include:

  • Avoid processing untrusted or unauthenticated XWD image files with the vulnerable Sail library.
  • Implement input validation or filtering to reject XWD files with suspiciously large bytes_per_line values before parsing.
  • Use sandboxing or run the image processing in a restricted environment to limit the impact of potential exploitation.
  • Monitor for updates or patches from the Sail library maintainers and apply them as soon as they become available.
Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-27168. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart