Skip to main content

Suse EUVDEUVD-2026-19527

| CVE-2026-35444 HIGH
Out-of-bounds Read (CWE-125)
2026-04-06 security-advisories@github.com
7.1
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
7.1 HIGH
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L
SUSE
HIGH
qualitative

Primary rating from GitHub Advisory.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
Low

Lifecycle Timeline

7
Analysis Updated
Apr 16, 2026 - 06:05 EUVD-patch-fix
executive_summary
Re-analysis Queued
Apr 16, 2026 - 05:29 backfill_euvd_patch
patch_released
Patch available
Apr 16, 2026 - 05:29 EUVD
996bf12888925932daace576e09c3053410896f8
Re-analysis Queued
Apr 16, 2026 - 05:03 vuln.today
cvss_changed
EUVD ID Assigned
Apr 06, 2026 - 22:22 euvd
EUVD-2026-19527
Analysis Generated
Apr 06, 2026 - 22:22 vuln.today
CVE Published
Apr 06, 2026 - 22:16 nvd
HIGH 7.1

DescriptionGitHub Advisory

SDL_image is a library to load images of various formats as SDL surfaces. In do_layer_surface() in src/IMG_xcf.c, pixel index values from decoded XCF tile data are used directly as colormap indices without validating them against the colormap size (cm_num). A crafted .xcf file with a small colormap and out-of-range pixel indices causes heap out-of-bounds reads of up to 762 bytes past the colormap allocation. Both IMAGE_INDEXED code paths are affected (bpp=1 and bpp=2). The leaked heap bytes are written into the output surface pixel data, making them potentially observable in the rendered image. This vulnerability is fixed with commit 996bf12888925932daace576e09c3053410896f8.

AnalysisAI

Heap out-of-bounds read in SDL_image library's XCF format parser allows remote information disclosure when processing malicious GIMP files. Attackers can craft .xcf files with undersized colormaps and invalid pixel indices to leak up to 762 bytes of heap memory into rendered image data, potentially exposing sensitive process memory. The vulnerability affects both indexed color code paths (1-bit and 2-bit per pixel). No public exploit identified at time of analysis, but EPSS and exploitation likelihood are notable given the library's widespread use in gaming and multimedia applications requiring minimal user interaction (opening a file).

Technical ContextAI

SDL_image is a widely-used auxiliary library for Simple DirectMedia Layer (SDL) that handles loading various image formats including GIMP's native XCF format. The vulnerability exists in the do_layer_surface() function within src/IMG_xcf.c, specifically in the IMAGE_INDEXED rendering path. When decoding XCF tile data, the code extracts pixel index values and uses them to look up colors in a colormap structure without boundary validation. The colormap size is defined by the cm_num field, but pixel indices from untrusted tile data are applied directly as array offsets. This represents a classic CWE-125 (Out-of-bounds Read) vulnerability. Both bpp=1 and bpp=2 code paths trust pixel indices implicitly, allowing indices >= cm_num to read beyond the allocated colormap buffer. The vulnerable code path is triggered during normal image loading operations when processing indexed-color XCF layers, making it reachable through standard library APIs without requiring special modes or configurations.

RemediationAI

Upstream fix available via commit 996bf12888925932daace576e09c3053410896f8 in the libsdl-org/SDL_image repository; released patched version not independently confirmed from available data. Organizations should monitor the SDL_image release page for tagged versions incorporating this commit and upgrade immediately upon availability. Until a released version is confirmed, development builds can integrate the fix commit directly from source. As an interim mitigation, applications can disable XCF format support if not operationally required by removing or not registering the XCF loader module, though this may break functionality for users expecting GIMP file compatibility. Input validation layers should restrict accepted image formats to trusted types where feasible. Security-conscious deployments should sandbox image processing operations to limit heap disclosure impact. Consult the official advisory at https://github.com/libsdl-org/SDL_image/security/advisories/GHSA-gq8w-x74c-h6p7 for vendor-specific guidance and version recommendations as they become available.

Vendor StatusVendor

SUSE

Severity: High
Product Status
openSUSE Tumbleweed Fixed

Share

EUVD-2026-19527 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy