CVE-2026-40494
Received Received - Intake
Heap Buffer Overflow in SAIL TGA Codec Allows Memory Corruption

Publication date: 2026-04-18

Last updated on: 2026-04-18

Assigner: GitHub, Inc.

Description
SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. Prior to commit 45d48d1f2e8e0d73e80bc1fd5310cb57f4547302, the TGA codec's RLE decoder in `tga.c` has an asymmetric bounds check vulnerability. The run-packet path (line 297) correctly clamps the repeat count to the remaining buffer space, but the raw-packet path (line 305-311) has no equivalent bounds check. This allows writing up to 496 bytes of attacker-controlled data past the end of a heap buffer. Commit 45d48d1f2e8e0d73e80bc1fd5310cb57f4547302 patches the issue.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-18
Last Modified
2026-04-18
Generated
2026-06-16
AI Q&A
2026-04-18
EPSS Evaluated
2026-06-15
NVD
CVE-2026-40494
EUVD
EUVD-2026-23648
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
happyseaflux sail to 45d48d1f2e8e0d73e80bc1fd5310cb57f4547302 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-787 The product writes data past the end, or before the beginning, of the intended buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the SAIL library's TGA image codec, specifically in its RLE decoder implementation. The issue is an asymmetric bounds check in the raw-packet decoding path, which lacks proper validation of buffer limits. As a result, an attacker can write up to 496 bytes of controlled data beyond the end of a heap buffer, potentially leading to memory corruption.

Impact Analysis

Exploitation of this vulnerability can lead to severe impacts including arbitrary code execution, denial of service, or system compromise. Because the attacker can overwrite memory beyond the intended buffer, they may manipulate program behavior, crash applications, or execute malicious code with the privileges of the affected process.

Mitigation Strategies

The vulnerability is patched in commit 45d48d1f2e8e0d73e80bc1fd5310cb57f4547302. Immediate mitigation involves updating the SAIL library to a version that includes this commit or later.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-40494. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart