CVE-2026-40492

SAIL · SAIL library

A logic error in the XWD codec of the SAIL image library causes a heap-based buffer overflow by using mismatched pixel depth and bit-swap logic.

Executive summary

A critical heap buffer overflow in the SAIL library XWD codec allows unauthenticated remote attackers to perform out-of-bounds memory access via malformed XWD files.

Vulnerability

The XWD codec miscalculates memory access during byte-swapping when the pixmap_depth and bits_per_pixel values are inconsistent. This causes the application to read and write significantly beyond the allocated buffer boundaries.

Business impact

The CVSS score of 9.8 highlights the severity of this memory corruption vulnerability. Successful exploitation could allow an attacker to read sensitive memory or execute arbitrary commands with the privileges of the application, leading to significant security breaches.

Remediation

Immediate Action: Update the SAIL library to commit 36aa5c7ec8a2bb35f6fb867a1177a6f141156b02 or newer.

Proactive Monitoring: Monitor for suspicious application behavior, such as memory access violations or unexpected service termination when parsing image data.

Compensating Controls: Implement strict input validation or sandboxing for any process that handles XWD image formats to contain potential memory corruption attempts.
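One way to apply the input-validation control is a header pre-filter that runs before any XWD data reaches the decoder. The code below is an added example, not SAIL's code and not the upstream fix. The field layout follows the X11 XWDFile.h version 7 header. The ZPixmap-only policy, the rule that pixmap_depth must not exceed bits_per_pixel, the MAX_DIM limit and all function names are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* XWD v7 header: 25 big-endian 32-bit fields (X11 XWDFile.h layout). */
enum { XWD_FIELDS = 25, XWD_HDR = XWD_FIELDS * 4, XWD_VERSION = 7, XWD_COLOR_SZ = 12 };
enum { F_HEADER_SIZE = 0, F_VERSION = 1, F_FORMAT = 2, F_DEPTH = 3, F_WIDTH = 4, F_HEIGHT = 5,
       F_BPP = 11, F_BYTES_PER_LINE = 12, F_NCOLORS = 19 };
#define MAX_DIM 16384u /* assumed local policy limit, not from the advisory */

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Returns 0 when the header is self-consistent, a negative code otherwise. */
int xwd_prefilter(const uint8_t *buf, size_t len) {
    uint32_t f[XWD_FIELDS];
    if (buf == NULL || len < XWD_HDR) return -1;                 /* truncated header */
    for (int i = 0; i < XWD_FIELDS; i++) f[i] = be32(buf + 4 * i);
    if (f[F_VERSION] != XWD_VERSION) return -2;
    if (f[F_FORMAT] != 2) return -9;                 /* assumed policy: ZPixmap only */
    if (f[F_HEADER_SIZE] < XWD_HDR || f[F_HEADER_SIZE] > len) return -3;
    uint32_t bpp = f[F_BPP], depth = f[F_DEPTH], w = f[F_WIDTH], h = f[F_HEIGHT];
    if (bpp != 1 && bpp != 4 && bpp != 8 && bpp != 16 && bpp != 24 && bpp != 32) return -4;
    if (depth == 0 || depth > bpp) return -5;                    /* depth/bpp mismatch */
    if (w == 0 || h == 0 || w > MAX_DIM || h > MAX_DIM) return -6;
    if (f[F_BYTES_PER_LINE] < ((uint64_t)w * bpp + 7) / 8) return -7; /* stride too small */
    uint64_t need = (uint64_t)f[F_HEADER_SIZE] + (uint64_t)f[F_NCOLORS] * XWD_COLOR_SZ
                  + (uint64_t)f[F_BYTES_PER_LINE] * h;
    if (need > len) return -8;                       /* declared pixel data not in file */
    return 0;
}

static void put32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16); p[2] = (uint8_t)(v >> 8); p[3] = (uint8_t)v;
}

/* Constructed sample: 4x2 ZPixmap, no colormap, stride derived from bpp. */
int xwd_check_sample(uint32_t depth, uint32_t bpp, size_t pixel_bytes) {
    static uint8_t img[XWD_HDR + 64];
    uint32_t stride = (4 * bpp + 7) / 8;
    if (pixel_bytes > 64) return -100;
    memset(img, 0, sizeof img);
    put32(img + 4 * F_HEADER_SIZE, XWD_HDR); put32(img + 4 * F_VERSION, XWD_VERSION);
    put32(img + 4 * F_FORMAT, 2);            put32(img + 4 * F_DEPTH, depth);
    put32(img + 4 * F_BPP, bpp);             put32(img + 4 * F_WIDTH, 4);
    put32(img + 4 * F_HEIGHT, 2);            put32(img + 4 * F_BYTES_PER_LINE, stride);
    return xwd_prefilter(img, XWD_HDR + pixel_bytes);
}
```

Files that fail the check should be rejected or quarantined rather than passed on to the decoder; the filter narrows exposure on unpatched hosts but does not replace the library update.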

Exploitation status

Public Exploit Available: Unknown

Analyst recommendation

This vulnerability represents a significant risk to the integrity and availability of systems utilizing the SAIL library. Immediate patching is strongly advised to prevent exploitation through malformed XWD files, which could be easily delivered via standard user-upload vectors.