CVE-2026-27168
CRITICAL EPSS 31.6%
Published Feb 21, 20264mo ago · Modified Mar 2, 20264mo ago
9.8 CVSS 3.1
Published Feb 21, 2026 4mo ago
Last Modified Mar 2, 2026 4mo ago
Description
SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. All versions are vulnerable to Heap-based Buffer Overflow through the XWD parser's use of the bytes_per_line value. The value os read directly from the file as the read size in io->strict_read(), and is never compared to the actual size of the destination buffer. An attacker can provide an XWD file with an arbitrarily large bytes_per_line, causing a massive write operation beyond the buffer heap allocated for the image pixels. The issue did not have a fix at the time of publication.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High
Threat Intelligence
EPSS Exploit Probability
31.6% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available
Weaknesses 1
CWE-122
Affected Products 1
| Vendor | Product | Version | Range |
|---|---|---|---|
| sail | sail | * | ≤0.9.10 |
References 1
- github.com https://github.com/HappySeaFox/sail/security/advisories/GHSA-3g38-x2pj-mv55
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.