PT-2026-33585 · Sail · Sail
Published: 2026-04-18 · Updated: 2026-04-20 · CVE-2026-40492
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
SAIL versions prior to commit 36aa5c7ec8a2bb35f6fb867a1177a6f141156b02
Description
The XWD codec resolves pixel format based on the pixmap_depth variable, but the byte-swap code independently uses bits_per_pixel. When pixmap_depth is 8 (BPP8_INDEXED, 1 byte/pixel buffer) and bits_per_pixel is 32, the byte-swap loop accesses memory as uint32_t*, resulting in reading or writing four times the allocated buffer size.
Recommendations
Update to the version containing commit 36aa5c7ec8a2bb35f6fb867a1177a6f141156b02.
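The mismatch described above can be caught by comparing the byte span implied by bits per pixel against the buffer sized from pixmap depth before any swap runs. The following is an added illustration, not SAIL's code and not the content of the fixing commit; the struct layout, the function names and the tightly packed rows are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical header subset; names are assumptions, not SAIL's structures. */
struct xwd_hdr {
    uint32_t pixmap_depth;   /* picks the pixel format, hence the buffer size */
    uint32_t bits_per_pixel; /* picks the element width of the byte swap */
    uint32_t width, height;
};

/* Bytes covered by width*height pixels of `bits` each (rows assumed tightly
 * packed). Returns -1 on a non-byte-aligned width or size_t overflow. */
static int span_bytes(uint32_t w, uint32_t h, uint32_t bits, size_t *out) {
    uint64_t px = (uint64_t)w * h, bpp = bits / 8;
    if (bits == 0 || bits % 8 != 0 || px > SIZE_MAX / bpp) return -1;
    *out = (size_t)(px * bpp);
    return 0;
}

/* Swap 32-bit elements in place only when the span implied by bits_per_pixel
 * fits the buffer that was sized from pixmap_depth. 0 = swapped, -1 = refused. */
int checked_swap32(const struct xwd_hdr *h, uint8_t *buf, size_t buf_len) {
    size_t span;
    if (h->bits_per_pixel != 32) return -1;
    if (span_bytes(h->width, h->height, h->bits_per_pixel, &span) != 0) return -1;
    if (span > buf_len) return -1; /* depth 8 + bpp 32: span is 4x buf_len */
    for (size_t i = 0; i < span; i += 4) {
        uint8_t a = buf[i], b = buf[i + 1];
        buf[i] = buf[i + 3];
        buf[i + 1] = buf[i + 2];
        buf[i + 2] = b;
        buf[i + 3] = a;
    }
    return 0;
}

int main(void) {
    struct xwd_hdr bad = {8, 32, 4, 4}; /* constructed: depth 8, bpp 32 */
    uint8_t pixels[16] = {0};           /* 4*4 pixels at 1 byte each */
    printf("mismatched header: %d\n", checked_swap32(&bad, pixels, sizeof pixels));
    return 0;
}
```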
Exploit
Fix
Memory Corruption
Weakness Enumeration
Related Identifiers
Affected Products
Sail