VYPR
Unrated severity · NVD Advisory · Published Feb 20, 2026 · Updated Feb 25, 2026

SAIL: Heap-based Buffer Overflow in Sail-codecs-xwd

CVE-2026-27168

Description

SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. All versions are vulnerable to a heap-based buffer overflow through the XWD parser's use of the bytes_per_line value. The value is read directly from the file and used as the read size in io->strict_read(), and is never compared to the actual size of the destination buffer. An attacker can provide an XWD file with an arbitrarily large bytes_per_line, causing a massive write operation beyond the heap buffer allocated for the image pixels. The issue did not have a fix at the time of publication.
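
The bound the description says is missing, as an added C example (not SAIL's code and not a project patch). `struct mem_io`, `struct image`, `load_rows` and this `strict_read` are hypothetical stand-ins; only the names bytes_per_line and strict_read come from the advisory. Each read is sized by the destination row, and any excess in bytes_per_line is skipped as padding.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical in-memory source; a stand-in, not SAIL's real io type. */
struct mem_io { const uint8_t *data; size_t size, pos; };

/* Models a strict read: copies exactly n bytes or fails. */
static int strict_read(struct mem_io *io, void *dst, size_t n) {
    if (n > io->size - io->pos) return -1;
    memcpy(dst, io->data + io->pos, n);
    io->pos += n;
    return 0;
}

/* Hypothetical destination: `height` rows of `row_bytes` pixel bytes each. */
struct image { uint8_t *pixels; size_t row_bytes; uint32_t height; };

/*
 * Copies rows from the file into img using the header's bytes_per_line.
 * Returns 0 on success, -1 on truncated input, -2 on a rejected header.
 */
int load_rows(struct mem_io *io, struct image *img, uint32_t bytes_per_line) {
    /* File rows shorter than the pixel row cannot fill the destination. */
    if (img->row_bytes == 0 || bytes_per_line < img->row_bytes) return -2;
    /* Extra bytes are row padding and never reach the heap buffer. */
    size_t padding = bytes_per_line - img->row_bytes;
    /* The header must not claim more data than the input still holds. */
    size_t remaining = io->size - io->pos;
    if (img->height != 0 && bytes_per_line > remaining / img->height) return -1;

    for (uint32_t y = 0; y < img->height; y++) {
        uint8_t *row = img->pixels + (size_t)y * img->row_bytes;
        /* Read size is the destination row size, not the file-supplied value. */
        if (strict_read(io, row, img->row_bytes) != 0) return -1;
        io->pos += padding; /* in range: checked against remaining above */
    }
    return 0;
}
```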

Affected products

  • HappySeaFox/Sail · llm-fuzzy · 2 versions
    • (no CPE) range: all versions
    • (no CPE) range: <= 0.9.10
