Buffer overflow in Happyseafox Sail
CVE-2026-40492
SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. Prior to commit 36aa5c7ec8a2bb35f6fb867a1177a6f141156b02, the XWD codec resolves pixel format based on `pixmap_depth` bu…
Vulnerability class: Buffer Overflow
EPSS: 0.001 (19.3th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.
Affected products
- Happyseafox Sail — versions < 36aa5c7ec8a2bb35f6fb867a1177a6f141156b02
Weakness classification (CWE)
References
- https://github.com/HappySeaFox/sail/security/advisories/GHSA-526v-vm72-4v64 (x_refsource_CONFIRM)
- https://github.com/HappySeaFox/sail/commit/36aa5c7ec8a2bb35f6fb867a1177a6f141156b02 (x_refsource_MISC)
Frequently asked questions
- What is CVE-2026-40492?
- CVE-2026-40492 is a critical-severity vulnerability in Happyseafox Sail, classified under Out-of-bounds Write. CVSS score: 9.8/10. Published 2026-04-18.
- How severe is CVE-2026-40492?
- Critical severity. CVSS v3 base score is 9.8 out of 10.