Impact
The SAIL image library contains a heap buffer overflow in its TGA RLE decoder. The raw-packet path on lines 305-311 of tga.c lacks the bounds check that the run-packet path includes, allowing up to 496 bytes of attacker-controlled data to be written beyond the end of a heap buffer. This can overwrite neighboring memory and lead to arbitrary code execution or other memory corruption effects, classifying the flaw as a classic buffer overflow (CWE-787).
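The missing check can be shown with a minimal TGA RLE packet decoder in which the raw-packet and run-packet paths share one output bound. This is an added example, not SAIL's code or its patch; the function name, the buffer layout and the choice to reject (rather than clamp) an oversized packet are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical decoder: expands RLE packets from src into dst, which holds
 * dst_pixels pixels of pixel_size bytes. Returns pixels written, or -1. */
long tga_rle_decode(const uint8_t *src, size_t src_len,
                    uint8_t *dst, size_t dst_pixels, size_t pixel_size)
{
    size_t in = 0, out = 0;                 /* bytes consumed, pixels written */
    if (pixel_size == 0 || pixel_size > 4) return -1;
    while (out < dst_pixels) {
        if (in >= src_len) return -1;       /* truncated: no packet header */
        uint8_t header = src[in++];
        size_t count = (size_t)(header & 0x7F) + 1;   /* 1..128 pixels */
        /* One output bound for BOTH packet types; checking it on the run
         * path only is the class of bug described above. */
        if (count > dst_pixels - out) return -1;
        if (header & 0x80) {                /* run packet: repeat one pixel */
            if (src_len - in < pixel_size) return -1;
            for (size_t i = 0; i < count; i++)
                memcpy(dst + (out + i) * pixel_size, src + in, pixel_size);
            in += pixel_size;
        } else {                            /* raw packet: literal pixels */
            if (src_len - in < count * pixel_size) return -1;
            memcpy(dst + out * pixel_size, src + in, count * pixel_size);
            in += count * pixel_size;
        }
        out += count;
    }
    return (long)out;
}

/* Constructed samples: 24-bit pixels, 4-pixel destination buffer. */
static const uint8_t sample_ok[] = { 0x81, 1,2,3, 0x01, 4,5,6, 7,8,9 };
static const uint8_t sample_raw_overrun[] =     /* raw of 3, room for 2 */
    { 0x81, 1,2,3, 0x02, 4,5,6, 7,8,9, 10,11,12 };
static const uint8_t sample_truncated[] = { 0x03, 1,2,3 };  /* raw of 4, 1 present */
static uint8_t demo_dst[4 * 3];

int main(void)
{
    printf("ok: %ld\n", tga_rle_decode(sample_ok, sizeof sample_ok, demo_dst, 4, 3));
    printf("overrun: %ld\n", tga_rle_decode(sample_raw_overrun, sizeof sample_raw_overrun, demo_dst, 4, 3));
    printf("truncated: %ld\n", tga_rle_decode(sample_truncated, sizeof sample_truncated, demo_dst, 4, 3));
    return 0;
}
```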
Affected Systems
Any installation of the HappySeaFox SAIL library that has not incorporated commit 45d48d1f2e8e0d73e80bc1fd5310cb57f4547302 or later. The issue exists across all platforms supported by SAIL because the vulnerable code resides in the core tga.c file. Applications that rely on the TGA format for loading images are affected if they use a pre‑patch version of the library.
Risk and Exploitability
The vulnerability carries a CVSS score of 9.8, placing it in the critical range, and its EPSS score is not available, leaving the exploitation probability uncertain. The flaw is not listed in CISA’s KEV catalog. Attackers can exploit it by supplying a specially crafted TGA file to any process that loads images through SAIL; the uncontrolled write occurs on the stack or heap of the process, so local code execution or privilege escalation is possible if the application runs with elevated rights. Because the vulnerability is file‑based, the attack surface extends to any user or remote attacker who can influence image input. No public exploits are currently documented, but the high severity and absence of mitigations in many deployments warrant immediate remediation.