EUVD-2026-19527 | CVE-2026-35444 | HIGH
Published 2026-04-06, assigner [email protected]
CVSS 3.1 base score: 7.1

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: Low

Lifecycle Timeline (3 events)

Apr 06, 2026 22:16 (nvd): CVE published, rated HIGH 7.1
Apr 06, 2026 22:22 (euvd): EUVD ID assigned, EUVD-2026-19527
Apr 06, 2026 22:22 (vuln.today): analysis generated

Description

SDL_image is a library to load images of various formats as SDL surfaces. In do_layer_surface() in src/IMG_xcf.c, pixel index values from decoded XCF tile data are used directly as colormap indices without validating them against the colormap size (cm_num). A crafted .xcf file with a small colormap and out-of-range pixel indices causes heap out-of-bounds reads of up to 762 bytes past the colormap allocation. Both IMAGE_INDEXED code paths are affected (bpp=1 and bpp=2). The leaked heap bytes are written into the output surface pixel data, making them potentially observable in the rendered image. This vulnerability is fixed with commit 996bf12888925932daace576e09c3053410896f8.
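The following is an added example, not SDL_image's code and not the fix in commit 996bf12888925932daace576e09c3053410896f8. It models the lookup the description talks about with hypothetical names (colormap_t, lookup_checked, expand_indexed_tile) and constructed sample data: a colormap of cm_num RGB triplets, a decoded tile of 8-bit indices (stride 1 for bpp=1, stride 2 for bpp=2 where the second byte is alpha), the unchecked lookup that reads past the colormap for any index >= cm_num, and a bounds-checked replacement that rejects such pixels. It also computes the worst-case overread, which reproduces the 762-byte figure for a 2-entry colormap.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of the data the XCF indexed path works on: a colormap of
   cm_num RGB triplets and a decoded tile of 8-bit pixel indices. Names are
   hypothetical and not SDL_image's own. */
typedef struct {
    const uint8_t *cm;  /* cm_num * 3 bytes, heap-allocated in the real parser */
    size_t cm_num;      /* number of colormap entries */
} colormap_t;

/* Pattern the advisory describes: the index is used directly, so any idx
   >= cm_num reads past the end of cm. Kept only for contrast; never called. */
void lookup_unchecked(const colormap_t *c, uint8_t idx, uint8_t rgb[3]) {
    memcpy(rgb, c->cm + (size_t)idx * 3, 3);
}

/* Hardened lookup: refuse out-of-range indices instead of reading past cm. */
int lookup_checked(const colormap_t *c, uint8_t idx, uint8_t rgb[3]) {
    if ((size_t)idx >= c->cm_num)
        return 0;
    memcpy(rgb, c->cm + (size_t)idx * 3, 3);
    return 1;
}

/* Expand a tile of indexed pixels to packed RGB. stride is 1 (bpp=1, index
   only) or 2 (bpp=2, index followed by alpha); in both cases byte 0 of each
   pixel is the colormap index and is the value that must be validated.
   Out-of-range pixels are written as colormap entry 0 (black if the colormap
   is empty) rather than whatever happened to follow the allocation. Returns
   the number of out-of-range indices seen so a caller can reject the file. */
size_t expand_indexed_tile(const colormap_t *c, const uint8_t *tile,
                           size_t npix, size_t stride, uint8_t *out_rgb) {
    size_t bad = 0;
    for (size_t i = 0; i < npix; i++) {
        uint8_t *dst = out_rgb + i * 3;
        if (!lookup_checked(c, tile[i * stride], dst)) {
            bad++;
            if (c->cm_num > 0)
                memcpy(dst, c->cm, 3);
            else
                memset(dst, 0, 3);
        }
    }
    return bad;
}

/* Worst-case overread distance for an 8-bit index against a colormap of
   cm_num entries: index 255 touches bytes 765..767, so a 2-entry (6-byte)
   colormap yields the 762 bytes the advisory quotes. */
size_t max_overread_bytes(size_t cm_num) {
    const size_t needed = 256u * 3;  /* bytes needed to cover every index */
    size_t have = cm_num * 3;
    return have >= needed ? 0 : needed - have;
}

/* Constructed sample: a 2-entry colormap and a 4-pixel bpp=2 tile whose third
   pixel carries index 255. Returns the count of rejected pixels (1). */
size_t demo_bad_pixel_count(void) {
    static const uint8_t cm[6] = {10, 20, 30, 40, 50, 60};
    const colormap_t c = {cm, 2};
    static const uint8_t tile[8] = {0, 255, 1, 255, 255, 255, 1, 0};
    uint8_t out[12];
    return expand_indexed_tile(&c, tile, 4, 2, out);
}

int main(void) {
    printf("rejected pixels: %zu, max overread for cm_num=2: %zu bytes\n",
           demo_bad_pixel_count(), max_overread_bytes(2));
    return 0;
}
```

Whether a loader should clamp bad indices or fail the whole file is a policy choice; returning the count lets the caller do either, and either way no byte outside the colormap allocation reaches the output surface.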

Analysis

Heap out-of-bounds read in the XCF format parser of the SDL_image library allows information disclosure when a malicious GIMP .xcf file is processed. The attacker needs only to get the file loaded (network delivery, user interaction required); a .xcf with an undersized colormap and out-of-range pixel indices leaks up to 762 bytes of heap memory past the colormap allocation into the rendered pixel data, potentially exposing sensitive process memory to whoever can observe the output. …


Remediation

The definitive fix is to upgrade or rebuild SDL_image with commit 996bf12888925932daace576e09c3053410896f8 included; the steps below are interim mitigations for systems that cannot be updated immediately. Within 24 hours: identify all internal systems and third-party applications that use the SDL_image library (including version tracking) and notify the relevant gaming, multimedia, and development teams. Within 7 days: implement file-type restrictions (block .xcf uploads and processing where possible) and deploy network segmentation to isolate SDL_image-dependent services from sensitive data stores. …


Priority Score: 36 (scale: Low / Medium / High / Critical)

Components: KEV 0, EPSS +0.0, CVSS +36, POC 0


EUVD-2026-19527 vulnerability details – vuln.today
