PT-2026-21326 · Sail · Sail

Nicoppida · Published 2026-02-20 · Updated 2026-03-02 · CVE-2026-27168

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

SAIL (affected versions not specified)

Description

SAIL is a cross-platform library used for loading and saving images, supporting animation, metadata, and ICC profiles. The software contains a flaw due to the XWD parser's handling of the bytes per line value. This value, read directly from a file using the io->strict_read() function, is used as the read size without validation against the destination buffer's size. An attacker can exploit this by providing a specially crafted XWD file with a large bytes per line value, leading to a heap-based buffer overflow during a write operation beyond the allocated memory for image pixels.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
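
The missing check named in the description, shown as an added example (this is not SAIL's code or a published patch): the row size is derived from the image dimensions, and the file's bytes per line value is only compared against it and used to skip padding, never as a write length. The names `mem_io`, `read_rows_checked` and the in-memory `strict_read` stand-in are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical in-memory reader standing in for an all-or-nothing read. */
struct mem_io { const uint8_t *data; size_t size, pos; };

static int strict_read(struct mem_io *io, void *dst, size_t n) {
    if (n > io->size - io->pos) return -1;      /* short input: fail, copy nothing */
    memcpy(dst, io->data + io->pos, n);
    io->pos += n;
    return 0;
}

/* file_bpl is the untrusted bytes-per-line value from the file. Rows are
 * stored in a buffer sized from width and bits per pixel, and file_bpl is
 * never used as a write length. Returns NULL if the file is rejected. */
uint8_t *read_rows_checked(struct mem_io *io, uint32_t file_bpl,
                           uint32_t width, uint32_t height, uint32_t bpp) {
    if (width == 0 || height == 0 || bpp == 0 || bpp > 32) return NULL;
    uint64_t stride = ((uint64_t)width * bpp + 7) / 8;   /* destination row size */
    if (file_bpl < stride) return NULL;                  /* row cannot hold its pixels */
    if (stride > SIZE_MAX / height) return NULL;         /* allocation would overflow */
    size_t pad = (size_t)(file_bpl - stride);            /* trailing scanline padding */
    uint8_t *pixels = malloc((size_t)stride * height);
    if (pixels == NULL) return NULL;
    for (uint32_t y = 0; y < height; y++) {
        if (strict_read(io, pixels + (size_t)stride * y, (size_t)stride) != 0 ||
            pad > io->size - io->pos) {                  /* truncated or lying header */
            free(pixels);
            return NULL;
        }
        io->pos += pad;                                  /* skip padding, never store it */
    }
    return pixels;
}

int main(void) {
    /* Constructed sample: 2x2 image, 8 bpp, rows padded to 4 bytes. */
    static const uint8_t rows[] = {1, 2, 0, 0, 5, 6, 0, 0};
    struct mem_io ok = {rows, sizeof rows, 0}, bad = {rows, sizeof rows, 0};
    uint8_t *p = read_rows_checked(&ok, 4, 2, 2, 8);
    printf("padded rows: %s\n", p ? "accepted" : "rejected");
    printf("bytes per line 0x10000: %s\n",
           read_rows_checked(&bad, 0x10000, 2, 2, 8) ? "accepted" : "rejected");
    free(p);
    return 0;
}
```
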

Exploit

RCE

DoS

Heap Based Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2026-27168
GHSA-3G38-X2PJ-MV55

Affected Products

Sail