Description
SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. All versions are vulnerable to Heap-based Buffer Overflow through the XWD parser's use of the bytes_per_line value. The value is read directly from the file as the read size in io->strict_read(), and is never compared to the actual size of the destination buffer. An attacker can provide an XWD file with an arbitrarily large bytes_per_line, causing a massive write operation beyond the buffer heap allocated for the image pixels. The issue did not have a fix at the time of publication.
Published: 2026-02-20
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Mitigate Promptly
AI Analysis

Impact

SAIL is a cross‑platform image library used to load and save images with animation, metadata, and ICC profiles. The vulnerability is a heap‑based buffer overflow in the XWD file parser; the parser reads the bytes_per_line field from the file and uses it directly as the read size without verifying the destination buffer size. An attacker can supply an XWD file with a very large bytes_per_line value, causing an out‑of‑bounds write that can corrupt the heap and potentially lead to arbitrary code execution or a denial‑of‑service crash. The weakness is a classic buffer overrun identified as CWE‑122.

Affected Systems

All releases of the HappySeaFox SAIL library are affected. The advisory lists the product as HappySeaFox:sail and indicates that every version contains the vulnerability. No specific version ranges are provided, so any deployment of the library, regardless of version, should be considered vulnerable.

Risk and Exploitability

The advisory assigns a CVSS v3 score of 8.8, indicating high severity, but the EPSS score is less than 1% and the vulnerability is not in CISA’s KEV catalog. This suggests that exploitation is technically feasible but requires an attacker to supply a crafted XWD file to a target application that processes such files. The attack vector is likely through file upload or remote file inclusion, and mitigation actions are required until a patch is released. The risk remains significant for systems that accept untrusted image files.

Generated by OpenCVE AI on April 17, 2026 at 16:58 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Disable or restrict the use of XWD file loading in any application that uses the SAIL library; reject or remove support for XWD files from untrusted sources.
  • Monitor the GitHub Advisory and the HappySeaFox repository for a patch; upgrade to a fixed release as soon as available.
  • If disabling XWD is not feasible, implement custom bounds checking on the bytes_per_line value before passing it to the read function, or replace the parser with a safer implementation that validates the buffer size.
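The bounds check recommended in the last item, as an added example that is not SAIL's code. It assumes the pixel data is already in memory rather than read through io->strict_read(); `xwd_dims` and `xwd_copy_rows` are hypothetical names, with fields named after the XWD header. The copy length comes from the image geometry, never from bytes_per_line, which is used only as a validated source stride.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical subset of the XWD header; not SAIL's own struct. */
struct xwd_dims {
    uint32_t pixmap_width, pixmap_height, bits_per_pixel;
    uint32_t bytes_per_line;            /* untrusted: comes from the file */
};

/* Copy pixel rows from src (file bytes after header and colormap) to dst.
 * Returns 0 on success, -1 if the header does not fit either buffer. */
int xwd_copy_rows(const struct xwd_dims *h, const uint8_t *src, size_t src_len,
                  uint8_t *dst, size_t dst_len)
{
    if (!h->pixmap_width || !h->pixmap_height ||
        !h->bits_per_pixel || h->bits_per_pixel > 32)
        return -1;
    /* Bytes one row really needs, computed in 64 bits to avoid wraparound. */
    uint64_t row = ((uint64_t)h->pixmap_width * h->bits_per_pixel + 7) / 8;
    uint64_t stride = h->bytes_per_line;
    if (stride < row)
        return -1;                      /* declared line too short for the width */
    if (h->pixmap_height > dst_len / row)
        return -1;                      /* destination cannot hold all rows */
    if (h->pixmap_height > src_len / stride)
        return -1;                      /* file shorter than the header claims */
    for (uint32_t y = 0; y < h->pixmap_height; y++)  /* copy row, skip padding */
        memcpy(dst + (size_t)(y * row), src + (size_t)(y * stride), (size_t)row);
    return 0;
}

int main(void)
{
    uint8_t src[16], dst[8];            /* constructed sample: 4x2, 8 bpp */
    for (int i = 0; i < 16; i++) src[i] = (uint8_t)i;
    struct xwd_dims good = {4, 2, 8, 8}, bad = {4, 2, 8, 0xFFFFFFFFu};
    printf("padded file:  %d\n", xwd_copy_rows(&good, src, sizeof src, dst, sizeof dst));
    printf("huge stride:  %d\n", xwd_copy_rows(&bad, src, sizeof src, dst, sizeof dst));
    return 0;
}
```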

Advisories

No advisories yet.

History

Mon, 02 Mar 2026 13:30:00 +0000

Type Values Removed Values Added
First Time appeared Sail
Sail sail
CPEs cpe:2.3:a:sail:sail:*:*:*:*:*:*:*:*
Vendors & Products Sail
Sail sail

Wed, 25 Feb 2026 22:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 23 Feb 2026 15:00:00 +0000

Type Values Removed Values Added
First Time appeared Happyseafox
Happyseafox sail
Vendors & Products Happyseafox
Happyseafox sail

Fri, 20 Feb 2026 23:45:00 +0000

Type Values Removed Values Added
Description SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. All versions are vulnerable to Heap-based Buffer Overflow through the XWD parser's use of the bytes_per_line value. The value is read directly from the file as the read size in io->strict_read(), and is never compared to the actual size of the destination buffer. An attacker can provide an XWD file with an arbitrarily large bytes_per_line, causing a massive write operation beyond the buffer heap allocated for the image pixels. The issue did not have a fix at the time of publication.
Title SAIL: Heap-based Buffer Overflow in Sail-codecs-xwd
Weaknesses CWE-122
References
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-02-25T21:27:45.488Z

Reserved: 2026-02-18T00:18:53.963Z

Link: CVE-2026-27168

Vulnrichment

Updated: 2026-02-25T21:27:40.748Z

NVD

Status: Analyzed

Published: 2026-02-21T00:16:16.640

Modified: 2026-03-02T13:28:55.607

Link: CVE-2026-27168

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-17T17:00:10Z
