PT-2026-33585 · Happyseafox · Sail

Published: 2026-04-18 · Updated: 2026-04-18 · CVE-2026-40492

CVSS v3.1: 9.8 Critical (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. Prior to commit 36aa5c7ec8a2bb35f6fb867a1177a6f141156b02, the XWD codec resolves pixel format based on pixmap_depth but the byte-swap code uses bits_per_pixel independently. When pixmap_depth=8 (BPP8_INDEXED, 1 byte/pixel buffer) but bits_per_pixel=32, the byte-swap loop accesses memory as uint32_t*, reading/writing 4x the allocated buffer size. This is a different vulnerability from the previously reported GHSA-3g38-x2pj-mv55 (CVE-2026-27168), which addressed bytes_per_line validation. Commit 36aa5c7ec8a2bb35f6fb867a1177a6f141156b02 contains a patch.
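
The size mismatch described above, worked through as an added example; this is not SAIL's code and not the contents of the patch commit. The struct, the function names and the depth-to-size mapping beyond depth 8 are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed subset of the XWD header fields named in the advisory. */
struct xwd_fields {
    uint32_t pixmap_width;
    uint32_t pixmap_depth;
    uint32_t bits_per_pixel;
};

/* Assumed mapping: the row buffer's pixel size follows pixmap_depth.
 * Depth 8 -> 1 byte/pixel is from the advisory; the rest is illustrative. */
static size_t buffer_bytes_per_pixel(uint32_t depth) {
    switch (depth) {
    case 8:  return 1;
    case 16: return 2;
    case 24: return 3;
    case 32: return 4;
    default: return 0; /* unsupported */
    }
}

/* Bytes in one row of a buffer sized from pixmap_depth. */
size_t row_alloc_bytes(const struct xwd_fields *h) {
    return (size_t)h->pixmap_width * buffer_bytes_per_pixel(h->pixmap_depth);
}

/* Bytes one row's byte-swap pass touches when driven by bits_per_pixel. */
size_t row_swap_bytes(const struct xwd_fields *h) {
    return (size_t)h->pixmap_width * (h->bits_per_pixel / 8);
}

/* Hardened 32-bit swap: refuses unless every 4-byte element fits in the row
 * buffer that was actually allocated. The division avoids overflow. */
int swap32_row_checked(uint8_t *row, size_t row_len, const struct xwd_fields *h) {
    if (h->bits_per_pixel != 32 || h->pixmap_width > row_len / 4)
        return -1;
    for (size_t i = 0; i < h->pixmap_width; i++) {
        uint8_t *p = row + i * 4, t;
        t = p[0]; p[0] = p[3]; p[3] = t;
        t = p[1]; p[1] = p[2]; p[2] = t;
    }
    return 0;
}
```

For a 4-pixel row with pixmap_depth=8 and bits_per_pixel=32, the buffer holds 4 bytes while the swap pass would cover 16, which is the 4x factor the advisory cites.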

Fix

Memory Corruption

Weakness Enumeration

Related Identifiers

CVE-2026-40492

Affected Products

Sail