Critical severity9.8NVD Advisory· Published Apr 18, 2026· Updated Apr 20, 2026

CVE-2026-40494

Description

SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. Prior to commit 45d48d1f2e8e0d73e80bc1fd5310cb57f4547302, the TGA codec's RLE decoder in tga.c has an asymmetric bounds check vulnerability. The run-packet path (line 297) correctly clamps the repeat count to the remaining buffer space, but the raw-packet path (line 305-311) has no equivalent bounds check. This allows writing up to 496 bytes of attacker-controlled data past the end of a heap buffer. Commit 45d48d1f2e8e0d73e80bc1fd5310cb57f4547302 patches the issue.

Affected products

HappySeaFox/Sailreferences

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/HappySeaFox/sail/commit/45d48d1f2e8e0d73e80bc1fd5310cb57f4547302nvd
github.com/HappySeaFox/sail/security/advisories/GHSA-cp2j-rwh4-r46fnvd

News mentions

No linked articles in our index yet.

cvss	0.637
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000