<0.1% probability · 17.5th percentile — 2026-05-12
Affected versions
SAIL image library prior to commit 36aa5c7ec8a2bb35f6fb867a1177a6f141156b02
Summary
This is a distinct heap buffer overflow vulnerability in the XWD codec of the SAIL cross-platform image processing library. A mismatch between pixel depth used for buffer allocation and bits per pixel used for byte swapping allows out-of-bounds memory access when processing malicious XWD files. This issue is separate from previously disclosed vulnerabilities in SAIL. Exploitation can result in application crash, information leak, or remote code execution.
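The bug class described above, as an added example that is not SAIL's code and not the upstream fix: a buffer sized from one header field and byte-swapped according to another, with the bounds check that rejects the mismatch. The struct, field and function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical subset of XWD header fields (names are assumptions, not SAIL's). */
struct xwd_dims {
    uint32_t width, height;
    uint32_t pixmap_depth;   /* sizes the pixel buffer in this sketch */
    uint32_t bits_per_pixel; /* drives the byte swap in this sketch */
};

/* Total bytes for width x height pixels of `bits` each; 0 on bad input or overflow. */
static size_t plane_bytes(uint32_t width, uint32_t height, uint32_t bits)
{
    if (width == 0 || height == 0 || bits == 0 || bits > 32) return 0;
    uint64_t row = ((uint64_t)width * bits + 7) / 8;   /* at most 2^34 */
    if (row > SIZE_MAX / height) return 0;
    return (size_t)row * height;
}

/* Allocation side: buffer sized from pixmap_depth. */
size_t xwd_alloc_size(const struct xwd_dims *d) { return plane_bytes(d->width, d->height, d->pixmap_depth); }

/* Swap side: reverse each 16- or 32-bit pixel in place, but only after proving the
 * bits_per_pixel-derived span fits in buf_len. Returns 0 on success, -1 on reject. */
int xwd_swap_pixels(uint8_t *buf, size_t buf_len, const struct xwd_dims *d)
{
    uint32_t bpp = d->bits_per_pixel;
    if (bpp != 16 && bpp != 32) return -1;
    size_t need = plane_bytes(d->width, d->height, bpp);
    if (need == 0 || need > buf_len) return -1;   /* depth/bpp mismatch caught here */
    size_t step = bpp / 8;
    for (size_t i = 0; i + step <= need; i += step)
        for (size_t a = 0, b = step - 1; a < b; a++, b--) {
            uint8_t t = buf[i + a];
            buf[i + a] = buf[i + b];
            buf[i + b] = t;
        }
    return 0;
}

int main(void)
{
    /* Constructed header: depth 8 sizes the buffer, bpp 32 would swap 4x as far. */
    struct xwd_dims bad = { 4, 2, 8, 32 };
    uint8_t buf[8] = { 0 };
    printf("alloc=%zu swap=%d\n", xwd_alloc_size(&bad), xwd_swap_pixels(buf, sizeof buf, &bad));
    return 0;
}
```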
Remediation
Apply the official fix from commit 36aa5c7ec8a2bb35f6fb867a1177a6f141156b02. Block processing of untrusted XWD files in SAIL-dependent applications until the patch is applied. Regularly update third-party image processing dependencies to address newly disclosed issues.