<0.1% probability · 17.5th percentile — 2026-05-12
Affected versions
SAIL image library prior to commit c930284445ea3ff94451ccd7a57c999eca3bc979
Summary
This vulnerability exists in the PSD codec of the cross-platform SAIL image processing library. An incorrect bytes-per-pixel calculation for LAB mode PSD images leads to a deterministic heap buffer overflow when a maliciously crafted file is processed. An attacker can trigger it by getting an application that uses SAIL to parse a malicious PSD file. Successful exploitation can lead to application crash, information disclosure, or remote code execution.
Remediation
Apply the official patch available in commit c930284445ea3ff94451ccd7a57c999eca3bc979. If patching is not immediately possible, restrict parsing of untrusted PSD files by applications using SAIL. Update the SAIL dependency to the latest fixed version as soon as possible.
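Where patching has to wait, the restriction described above can be enforced with a header pre-check in front of the decoder. This is an added example, not SAIL code: `psd_precheck`, the verdict enum and the two sample headers are hypothetical names and constructed inputs. It assumes the standard 26-byte big-endian PSD file header, in which color mode 9 is Lab.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical names for this added example; none of this is SAIL API. */
enum psd_verdict { PSD_NOT_PSD, PSD_ALLOW, PSD_REJECT_LAB, PSD_REJECT_MALFORMED };

#define PSD_HEADER_LEN 26u  /* fixed-size PSD/PSB file header */
#define PSD_MODE_LAB   9u   /* color mode value for Lab */

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Inspect the leading bytes of an untrusted file before any decoder sees it. */
enum psd_verdict psd_precheck(const uint8_t *buf, size_t len)
{
    if (buf == NULL || len < 4 || memcmp(buf, "8BPS", 4) != 0)
        return PSD_NOT_PSD;               /* other formats: separate policy */
    if (len < PSD_HEADER_LEN)
        return PSD_REJECT_MALFORMED;      /* truncated header */

    uint16_t version  = be16(buf + 4);    /* 1 = PSD, 2 = PSB */
    uint16_t channels = be16(buf + 12);   /* follows 6 reserved bytes */
    uint16_t depth    = be16(buf + 22);   /* bits per channel */
    uint16_t mode     = be16(buf + 24);   /* color mode */

    if (version != 1 && version != 2)
        return PSD_REJECT_MALFORMED;
    if (channels < 1 || channels > 56)
        return PSD_REJECT_MALFORMED;
    if (depth != 1 && depth != 8 && depth != 16 && depth != 32)
        return PSD_REJECT_MALFORMED;
    if (mode == PSD_MODE_LAB)
        return PSD_REJECT_LAB;            /* the mode named in the summary */
    return PSD_ALLOW;
}

/* Constructed samples: version 1, 3 channels, 1x1 pixels, 8-bit depth. */
const uint8_t sample_lab[26] = {
    '8','B','P','S', 0,1, 0,0,0,0,0,0, 0,3, 0,0,0,1, 0,0,0,1, 0,8, 0,9 };
const uint8_t sample_rgb[26] = {
    '8','B','P','S', 0,1, 0,0,0,0,0,0, 0,3, 0,0,0,1, 0,0,0,1, 0,8, 0,3 };

int main(void)
{
    return psd_precheck(sample_lab, sizeof sample_lab) == PSD_REJECT_LAB &&
           psd_precheck(sample_rgb, sizeof sample_rgb) == PSD_ALLOW ? 0 : 1;
}
```

Treating every file that starts with `8BPS` as rejected is the stricter form of the same gate until the fixed commit is deployed.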