CVE-2026-40492
Buffer Overflow in SAIL XWD Codec Causes Memory Corruption
Publication date: 2026-04-18
Last updated on: 2026-04-20
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| happyseaflux | sail | to 1.0.0 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the SAIL library, which is used for loading and saving images with support for animation, metadata, and ICC profiles. The issue occurs in the XWD codec where the pixel format is resolved based on `pixmap_depth`, but the byte-swap code uses `bits_per_pixel` independently. Specifically, when `pixmap_depth` is 8 (indicating a 1 byte per pixel buffer) but `bits_per_pixel` is 32, the byte-swap loop incorrectly accesses memory as if it were 4 bytes per pixel. This causes the code to read and write beyond the allocated buffer size, leading to a memory access violation.
How can this vulnerability impact me? :
The vulnerability can lead to out-of-bounds memory access, which may cause crashes, data corruption, or potentially allow an attacker to execute arbitrary code. Given the CVSS score of 9.8, it is a critical issue that can impact confidentiality, integrity, and availability of the affected system.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update the SAIL library to include the patch introduced in commit 36aa5c7ec8a2bb35f6fb867a1177a6f141156b02, which corrects the byte-swap code to properly handle pixel formats and prevent out-of-bounds memory access.