Vulnerability Description
SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. Prior to commit 36aa5c7ec8a2bb35f6fb867a1177a6f141156b02, the XWD codec resolves pixel format based on `pixmap_depth` but the byte-swap code uses `bits_per_pixel` independently. When `pixmap_depth=8` (BPP8_INDEXED, 1 byte/pixel buffer) but `bits_per_pixel=32`, the byte-swap loop accesses memory as `uint32_t*`, reading/writing 4x the allocated buffer size. This is a different vulnerability from the previously reported GHSA-3g38-x2pj-mv55 (CVE-2026-27168), which addressed `bytes_per_line` validation. Commit 36aa5c7ec8a2bb35f6fb867a1177a6f141156b02 contains a patch.
CVSS Score
CRITICAL
Related Weaknesses (CWE)
References
- https://github.com/HappySeaFox/sail/commit/36aa5c7ec8a2bb35f6fb867a1177a6f141156
- https://github.com/HappySeaFox/sail/security/advisories/GHSA-526v-vm72-4v64
- https://github.com/HappySeaFox/sail/security/advisories/GHSA-526v-vm72-4v64
FAQ
What is CVE-2026-40492?
CVE-2026-40492 is a vulnerability with a CVSS score of 9.8 (CRITICAL). SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. Prior to commit 36aa5c7ec8a2bb35f6fb867a1177a6f141156b02, the XWD codec resolves ...
How severe is CVE-2026-40492?
CVE-2026-40492 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2026-40492?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.