CVE-2026-40492
Published:April 18, 2026
Updated:April 23, 2026
SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. Prior to commit 36aa5c7ec8a2bb35f6fb867a1177a6f141156b02, the XWD codec resolves pixel format based on "pixmap_depth" but the byte-swap code uses "bits_per_pixel" independently. When "pixmap_depth=8" (BPP8_INDEXED, 1 byte/pixel buffer) but "bits_per_pixel=32", the byte-swap loop accesses memory as "uint32_t*", reading/writing 4x the allocated buffer size. This is a different vulnerability from the previously reported GHSA-3g38-x2pj-mv55 (CVE-2026-27168), which addressed "bytes_per_line" validation. Commit 36aa5c7ec8a2bb35f6fb867a1177a6f141156b02 contains a patch.
Related ResourcesĀ (2)
Do you need more information?
Contact UsCVSS v4
Base Score:
9.3
Attack Vector
NETWORK
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
NONE
User Interaction
NONE
Vulnerable System Confidentiality
HIGH
Vulnerable System Integrity
HIGH
Vulnerable System Availability
HIGH
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH
Weakness Type (CWE)
Out-of-bounds Write
EPSS
Base Score:
0.04
