9.8
SAIL Library: Arbitrary Code Execution through Malicious Image Files
CVE-2026-27168
Summary
The SAIL library is susceptible to a serious security flaw when handling certain types of image files. An attacker can exploit this weakness by creating a specially crafted image file, potentially allowing them to execute malicious code on a system that uses the library. No fix is currently available for this issue, so affected users should consider alternative libraries or wait for a patch.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| sail | sail | <= 0.9.10 | – |
Original title
SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. All versions are vulnerable to Heap-based Buffer Overflow through the XWD pars...
Original description
SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. All versions are vulnerable to Heap-based Buffer Overflow through the XWD parser's use of the bytes_per_line value. The value is read directly from the file and used as the read size in io->strict_read(), and is never compared to the actual size of the destination buffer. An attacker can provide an XWD file with an arbitrarily large bytes_per_line, causing a massive write operation beyond the heap buffer allocated for the image pixels. The issue did not have a fix at the time of publication.
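The missing check described above, sketched as an added example (not SAIL's code and not a patch from the project): the read size is bounded by the destination row rather than by the file-supplied bytes_per_line. The struct layouts, the in-memory source, the `strict_read` stand-in, `load_pixels_checked` and the 32-bit cap on bits per pixel are all assumptions made for illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Assumed header subset; only bytes_per_line is named in the advisory. */
struct xwd_hdr { uint32_t width, height, bits_per_pixel, bytes_per_line; };

/* Constructed in-memory source standing in for the library's I/O layer. */
struct mem_src { const uint8_t *data; size_t len, pos; };

/* Stand-in for a strict read: copy exactly n bytes or fail. The caller
 * must guarantee that dst has room for n bytes. */
static int strict_read(struct mem_src *s, void *dst, size_t n) {
    if (n > s->len - s->pos) return -1;
    memcpy(dst, s->data + s->pos, n);
    s->pos += n;
    return 0;
}

/* Returns a malloc'd, tightly packed pixel buffer, or NULL when the header
 * disagrees with the destination row size or with the remaining input. */
uint8_t *load_pixels_checked(const struct xwd_hdr *h, struct mem_src *s,
                             size_t *row_bytes) {
    if (!h->width || !h->height || !h->bits_per_pixel ||
        h->bits_per_pixel > 32) return NULL; /* 32 is an assumed upper bound */
    /* Row size the destination is allocated for, from the dimensions. */
    uint64_t dst_row = ((uint64_t)h->width * h->bits_per_pixel + 7) / 8;
    /* The file stride may add padding but may not be shorter than a row. */
    if (h->bytes_per_line < dst_row) return NULL;
    /* Every row must be present in the input before anything is allocated. */
    uint64_t total = (uint64_t)h->bytes_per_line * h->height;
    if (total > s->len - s->pos) return NULL;
    uint8_t *buf = malloc((size_t)(dst_row * h->height));
    if (!buf) return NULL;
    size_t pad = (size_t)(h->bytes_per_line - dst_row);
    for (uint32_t y = 0; y < h->height; y++) {
        /* Read size is bounded by the destination row, not the file field. */
        if (strict_read(s, buf + y * (size_t)dst_row, (size_t)dst_row)) {
            free(buf);
            return NULL;
        }
        s->pos += pad; /* skip row padding; in range after the total check */
    }
    *row_bytes = (size_t)dst_row;
    return buf;
}
```

A header whose bytes_per_line exceeds what the remaining input can supply is rejected before any allocation or read takes place.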
NVD CVSS 3.1
9.8
Vulnerability type
CWE-122
Heap-based Buffer Overflow
- https://github.com/HappySeaFox/sail/security/advisories/GHSA-3g38-x2pj-mv55 (Exploit, Vendor Advisory)
Published: 21 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026