CVE-2026-40494

SAIL · SAIL library

The TGA codec in the SAIL image processing library contains an asymmetric bounds check error in the RLE decoder, leading to a heap-based buffer overflow.

Executive summary

A critical heap-based buffer overflow in the SAIL library TGA codec allows unauthenticated remote attackers to execute arbitrary code or crash applications.

Vulnerability

This is a memory corruption vulnerability within the TGA codec's raw-packet path. An attacker can supply a malformed TGA image to trigger an out-of-bounds write of up to 496 bytes of controlled data to the heap.

Business impact

The CVSS score of 9.8 reflects the high probability of successful exploitation and the potential for full system compromise. Successful exploitation of this vulnerability could lead to unauthorized data access, complete application failure, or the execution of malicious code within the context of the service processing the image.

Remediation

Immediate Action: Update the SAIL library to commit 45d48d1f2e8e0d73e80bc1fd5310cb57f4547302 or newer.

Proactive Monitoring: Monitor application logs for unexpected segmentation faults or service restarts, which may indicate attempted exploitation.

Compensating Controls: Deploy image scanning and validation tools at the perimeter to inspect incoming files for malformed TGA structures before processing.
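
The structural check that the Compensating Controls item calls for can be done without decoding: walk the RLE packet stream and reject any packet, raw or run-length, whose pixel count exceeds what is left of width x height. This is an added example, not SAIL's code or its fix; the header and packet layout follow the TGA format, and the function, enum and sample names are this example's own.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum tga_check { TGA_OK, TGA_NOT_RLE, TGA_BAD_HEADER, TGA_TRUNCATED, TGA_OVERRUN };

/* Walk the RLE packet stream of a TGA file without decoding it and report
 * whether any packet would carry the output past width * height pixels. */
enum tga_check tga_rle_check(const uint8_t *b, size_t len)
{
    if (len < 18) return TGA_TRUNCATED;                 /* fixed 18-byte header */
    if (b[2] != 9 && b[2] != 10 && b[2] != 11) return TGA_NOT_RLE;
    size_t bpp = ((size_t)b[16] + 7) / 8;               /* bytes per pixel */
    size_t remaining = ((size_t)b[12] | (size_t)b[13] << 8) *
                       ((size_t)b[14] | (size_t)b[15] << 8);   /* width * height */
    if (bpp == 0 || bpp > 4 || remaining == 0) return TGA_BAD_HEADER;
    size_t pos = 18 + (size_t)b[0];                     /* skip the image ID */
    if (b[1] == 1)                                      /* skip the colour map */
        pos += ((size_t)b[5] | (size_t)b[6] << 8) * (((size_t)b[7] + 7) / 8);
    while (remaining > 0) {
        if (pos >= len) return TGA_TRUNCATED;
        uint8_t hdr = b[pos++];
        size_t count = (size_t)(hdr & 0x7F) + 1;        /* 1..128 pixels */
        /* A run packet carries one pixel value, a raw packet carries `count`. */
        size_t payload = (hdr & 0x80) ? bpp : count * bpp;
        /* The same output-side bound is applied to BOTH packet kinds. */
        if (count > remaining) return TGA_OVERRUN;
        if (payload > len - pos) return TGA_TRUNCATED;  /* input-side bound */
        pos += payload;
        remaining -= count;
    }
    return TGA_OK;
}

/* Constructed samples: 2x2 pixels, 24-bit, image type 10 (RLE true-colour). */
#define HDR 0,0,10, 0,0,0,0,0, 0,0,0,0, 2,0, 2,0, 24,0
static const uint8_t good[]        = { HDR, 0x81, 1,2,3,  0x01, 4,5,6, 7,8,9 };
static const uint8_t raw_over[403] = { HDR, 0x7F };          /* raw packet, 128 pixels */
static const uint8_t run_over[]    = { HDR, 0xFF, 1,2,3 };   /* run packet, 128 pixels */

int main(void)
{
    printf("good=%d raw_over=%d run_over=%d\n",
           (int)tga_rle_check(good, sizeof good),
           (int)tga_rle_check(raw_over, sizeof raw_over),
           (int)tga_rle_check(run_over, sizeof run_over));
    return 0;
}
```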

Exploitation status

Public Exploit Available: Unknown

Analyst recommendation

Given the critical severity of this memory corruption flaw, organizations utilizing the SAIL library must prioritize patching. Update the library immediately to the provided commit to eliminate the risk of heap manipulation and potential remote code execution.