Platform
c
Component
sail
Fixed in
36.0.1
CVE-2026-40492 describes a critical buffer overflow vulnerability discovered in the SAIL image library. This flaw arises from an error in the XWD codec's byte-swap logic, allowing attackers to potentially execute arbitrary code. The vulnerability affects versions of SAIL prior to commit 36aa5c7ec8a2bb35f6fb867a1177a6f141156b02, and a fix is available in that version.
An attacker exploiting this buffer overflow could potentially achieve remote code execution by crafting a malicious XWD image. The vulnerability stems from the XWD codec incorrectly resolving pixel format and using bitsperpixel independently, leading to out-of-bounds memory access when pixmapdepth is 8 and bitsper_pixel is 32. This allows writing beyond the allocated buffer, potentially overwriting critical data or injecting malicious code. The blast radius depends on how SAIL is integrated into the application; if SAIL processes user-supplied images without proper validation, the risk is significantly higher. This vulnerability is distinct from CVE-2026-27168, highlighting the complexity of image processing libraries.
The vulnerability was publicly disclosed on 2026-04-18. No public proof-of-concept (PoC) code has been released at the time of writing, but the critical severity and potential for remote code execution suggest a high likelihood of exploitation if a PoC is developed. It is not currently listed on the CISA KEV catalog. The description explicitly differentiates it from CVE-2026-27168, indicating ongoing security concerns within the SAIL library.
Exploit Status
EPSS
0.06% (17% percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2026-40492 is to immediately upgrade to version 36aa5c7ec8a2bb35f6fb867a1177a6f141156b02 or later. If upgrading is not immediately feasible, consider implementing input validation to restrict the types of images processed by SAIL, specifically filtering out potentially malicious XWD files. WAF rules could be configured to block requests containing XWD images from untrusted sources. Carefully review any custom XWD decoding logic for similar vulnerabilities. After upgrading, confirm the fix by attempting to process a known malicious XWD file (in a controlled environment) and verifying that the application does not crash or exhibit unexpected behavior.
Update the SAIL library to version 36aa5c7ec8a2bb35f6fb867a1177a6f141156b02 or higher to fix the heap buffer overflow vulnerability in the XWD decoder. This fix addresses the type confusion between `pixmap_depth` and `bits_per_pixel` during byte-swapping, preventing out-of-bounds memory access.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2026-40492 is a critical buffer overflow vulnerability in the SAIL image library affecting versions before 36aa5c7ec8a2bb35f6fb867a1177a6f141156b02. It allows attackers to potentially execute code by exploiting incorrect byte-swap logic in the XWD codec.
You are affected if your application uses SAIL version 36aa5c7ec8a2bb35f6fb867a1177a6f141156b02 or earlier and processes XWD images, especially if those images are user-supplied.
Upgrade to version 36aa5c7ec8a2bb35f6fb867a1177a6f141156b02 or later. If immediate upgrade is not possible, implement strict input validation to filter XWD files.
While no public exploits are currently known, the critical severity and potential for remote code execution suggest a high risk of exploitation if a PoC is developed.
Refer to the SAIL project's official website or GitHub repository for the latest security advisories and updates related to CVE-2026-40492.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.