Description

SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. Prior to commit c930284445ea3ff94451ccd7a57c999eca3bc979, the PSD codec computes bytes-per-pixel (`bpp`) from raw header fields `channels * depth`, but the pixel buffer is allocated based on the resolved pixel format. For LAB mode with `channels=3, depth=16`, `bpp = (3*16+7)/8 = 6`, but the format `BPP40_CIE_LAB` allocates only 5 bytes per pixel. Every pixel write overshoots, causing a deterministic heap buffer overflow on every row. Commit c930284445ea3ff94451ccd7a57c999eca3bc979 contains a patch.

INFO

Published Date :

2026-04-18T01:41:14.664Z

Last Modified :

2026-04-18T01:41:14.664Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-40493 vulnerability.

Vendors Products
Happyseafox
  • Sail
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-40493.

URL Resource
https://github.com/HappySeaFox/sail/commit/c930284445ea3ff94451ccd7a57c999eca3bc979 cve-icon cve-icon
https://github.com/HappySeaFox/sail/security/advisories/GHSA-rcqx-gc76-r9mv cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact