CVE-2026-40494
Heap Buffer Overflow in SAIL TGA Codec Allows Memory Corruption
Publication date: 2026-04-18
Last updated on: 2026-04-18
Assigner: GitHub, Inc.
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| happyseaflux | sail | to 45d48d1f2e8e0d73e80bc1fd5310cb57f4547302 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the SAIL library's TGA image codec, specifically in its RLE decoder implementation. The issue is an asymmetric bounds check in the raw-packet decoding path, which lacks proper validation of buffer limits. As a result, an attacker can write up to 496 bytes of controlled data beyond the end of a heap buffer, potentially leading to memory corruption.
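As an added illustration (not SAIL's code and not the patch), the sketch below shows a TGA RLE decoder in C that applies one output-bounds check to both packet types before any write, so the raw-packet path cannot be looser than the run-length path. The function name `tga_rle_decode`, its parameters and its reject-on-overrun policy are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Illustrative decoder (hypothetical name and signature, not SAIL's API).
 * Decodes TGA RLE packets from `in` until `out` holds exactly out_len bytes.
 * Returns 0 on success, -1 on truncated or oversized packets. */
int tga_rle_decode(const uint8_t *in, size_t in_len,
                   uint8_t *out, size_t out_len, size_t bpp)
{
    size_t ip = 0, op = 0;

    if (bpp == 0 || bpp > 4 || out_len % bpp != 0)
        return -1;

    while (op < out_len) {
        if (ip >= in_len)
            return -1;                            /* no packet header left */
        uint8_t hdr = in[ip++];
        size_t count = (size_t)(hdr & 0x7F) + 1;  /* 1..128 pixels */
        size_t bytes = count * bpp;               /* at most 512 bytes */

        /* Output bound, checked for BOTH packet types before writing. */
        if (bytes > out_len - op)
            return -1;

        if (hdr & 0x80) {                         /* run-length packet */
            if (bpp > in_len - ip)
                return -1;                        /* repeated pixel missing */
            for (size_t i = 0; i < count; i++)
                memcpy(out + op + i * bpp, in + ip, bpp);
            ip += bpp;
        } else {                                  /* raw packet */
            if (bytes > in_len - ip)
                return -1;                        /* literal pixels missing */
            memcpy(out + op, in + ip, bytes);
            ip += bytes;
        }
        op += bytes;
    }
    return 0;
}
```

Rejecting an oversized packet outright is one policy; a decoder that prefers to tolerate such files would clamp `bytes` to the remaining space instead, again on both paths.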
How can this vulnerability impact me?
Exploitation of this vulnerability can lead to severe impacts including arbitrary code execution, denial of service, or system compromise. Because the attacker can overwrite memory beyond the intended buffer, they may manipulate program behavior, crash applications, or execute malicious code with the privileges of the affected process.
What immediate steps should I take to mitigate this vulnerability?
The vulnerability is patched in commit 45d48d1f2e8e0d73e80bc1fd5310cb57f4547302. Immediate mitigation involves updating the SAIL library to a version that includes this commit or later.