TopVuln

High-risk vulnerability digests

CVE-2026-40494

  • CRITICAL

Details

CVSS v3
9.8
NVD published
2026-04-18 03:16:13
EPSS
<0.1% probability · 17.5th percentile — 2026-05-12
Affected versions
SAIL image library prior to commit 45d48d1f2e8e0d73e80bc1fd5310cb57f4547302
Summary
This vulnerability is an asymmetric bounds check flaw in the RLE decoder of the TGA codec in the SAIL image processing library. While the run-packet code path correctly clamps repeat counts to the available buffer space, the raw-packet path lacks an equivalent check. A malicious TGA file can therefore cause up to 496 bytes of attacker-controlled data to be written past the end of a heap buffer. Exploitation can lead to remote code execution or full application compromise.
Remediation
Apply the official patch available in commit 45d48d1f2e8e0d73e80bc1fd5310cb57f4547302. Restrict processing of untrusted TGA image files in SAIL-dependent applications until the fix is deployed. Verify that all other recently disclosed SAIL vulnerabilities are also patched in your environment.
Exploit info
No public exploit found yet.
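The defect described in the summary is that only one of the two TGA RLE packet kinds was checked against the remaining output space. The decoder below is an added illustration written for this digest, not SAIL's code or its patch: it applies the same capacity check to run packets and raw packets alike, and rejects (rather than clamps) any packet that would overrun the pixel buffer or read past the input. The packet layout follows the TGA RLE format (header byte, high bit selects run vs. raw, low 7 bits plus one is the pixel count); the sample streams are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Bounded TGA RLE decoder (hypothetical, not SAIL's). in/in_len is the packet
 * stream, out/out_len the pixel buffer, bpp bytes per pixel. Returns 1 on
 * success, 0 if any packet would write past out or read past in. */
int tga_rle_decode(const uint8_t *in, size_t in_len,
                   uint8_t *out, size_t out_len, size_t bpp)
{
    size_t ip = 0, op = 0;
    if (bpp == 0 || bpp > 4) return 0;
    while (op < out_len) {
        if (ip >= in_len) return 0;                /* truncated stream */
        uint8_t hdr = in[ip++];
        size_t count = (size_t)(hdr & 0x7F) + 1;   /* 1..128 pixels */
        size_t bytes = count * bpp;
        /* Same check on BOTH packet kinds; the digest's flaw had it on one only. */
        if (bytes > out_len - op) return 0;
        if (hdr & 0x80) {                          /* run packet: one pixel repeated */
            if (bpp > in_len - ip) return 0;
            for (size_t i = 0; i < count; i++, op += bpp)
                memcpy(out + op, in + ip, bpp);
            ip += bpp;
        } else {                                   /* raw packet: count literal pixels */
            if (bytes > in_len - ip) return 0;
            memcpy(out + op, in + ip, bytes);
            ip += bytes; op += bytes;
        }
    }
    return 1;
}

/* Constructed sample: a raw packet claiming 128 pixels for an 8-byte buffer.
 * The input is long enough, so only the output check can stop the overrun. */
int demo_rejects_oversized_raw(void)
{
    uint8_t stream[129] = { 0x7F };                /* header + 128 literal bytes */
    uint8_t out[8];
    return tga_rle_decode(stream, sizeof(stream), out, sizeof(out), 1) == 0;
}

/* Constructed sample: run of 4 x 0xAA, then a raw packet of 2 literal bytes. */
int demo_decodes_valid(void)
{
    const uint8_t stream[] = { 0x83, 0xAA, 0x01, 0x01, 0x02 };
    const uint8_t want[]   = { 0xAA, 0xAA, 0xAA, 0xAA, 0x01, 0x02 };
    uint8_t out[6];
    return tga_rle_decode(stream, sizeof(stream), out, sizeof(out), 1) == 1
        && memcmp(out, want, sizeof(want)) == 0;
}
```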


Information is aggregated from multiple authoritative sources for convenience; verify with NVD and vendors before operational decisions.