Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
9.8
Adobe Photoshop: Image Processing Crashes Application
CVE-2026-40493
Summary
A bug in Adobe Photoshop's image processing library can cause the application to crash when working with certain image files. This issue affects users who work with images in LAB mode, potentially leading to data loss or system instability. An update is available to resolve this issue; users should apply it to ensure continued safe use of the library.
Original title
SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. Prior to commit c930284445ea3ff94451ccd7a57c999eca3bc979, the PSD codec comput...
Original description
SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. Prior to commit c930284445ea3ff94451ccd7a57c999eca3bc979, the PSD codec computes bytes-per-pixel (`bpp`) from raw header fields `channels * depth`, but the pixel buffer is allocated based on the resolved pixel format. For LAB mode with `channels=3, depth=16`, `bpp = (3*16+7)/8 = 6`, but the format `BPP40_CIE_LAB` allocates only 5 bytes per pixel. Every pixel write overshoots, causing a deterministic heap buffer overflow on every row. Commit c930284445ea3ff94451ccd7a57c999eca3bc979 contains a patch.
nvd CVSS3.1
9.8
Vulnerability type
CWE-787
Out-of-bounds Write
Published: 18 Apr 2026 · Updated: 18 Apr 2026 · First seen: 18 Apr 2026