EUVD-2026-23644CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
4DescriptionNVD
SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. Prior to commit 36aa5c7ec8a2bb35f6fb867a1177a6f141156b02, the XWD codec resolves pixel format based on pixmap_depth but the byte-swap code uses bits_per_pixel independently. When pixmap_depth=8 (BPP8_INDEXED, 1 byte/pixel buffer) but bits_per_pixel=32, the byte-swap loop accesses memory as uint32_t*, reading/writing 4x the allocated buffer size. This is a different vulnerability from the previously reported GHSA-3g38-x2pj-mv55 (CVE-2026-27168), which addressed bytes_per_line validation. Commit 36aa5c7ec8a2bb35f6fb867a1177a6f141156b02 contains a patch.
AnalysisAI
Out-of-bounds memory access in SAIL image library's XWD codec allows remote attackers to achieve arbitrary code execution via malformed image files. The vulnerability stems from a pixel format mismatch where buffer allocation uses pixmap_depth=8 (1 byte/pixel) but byte-swap operations use bits_per_pixel=32 (4 bytes/pixel), causing 4x buffer overrun. …
Sign in for full analysis, threat intelligence, and remediation guidance.
RemediationAI
Within 24 hours: inventory all systems and applications using SAIL image library and identify those handling XWD image format; disable XWD codec processing if not essential. Within 7 days: apply vendor patch from commit 36aa5c7ec8a2bb35f6fb867a1177a6f141156b02 or later to all affected systems; verify patch deployment. …
Sign in for detailed remediation steps.
Share
External POC / Exploit Code
Leaving vuln.today