CVE-2026-40493

Source
https://cve.org/CVERecord?id=CVE-2026-40493
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-40493.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-40493
Aliases
  • GHSA-rcqx-gc76-r9mv
Downstream
Published
2026-04-18T01:41:14.664Z
Modified
2026-07-08T08:12:34.695319399Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
SAIL has heap buffer overflow in PSD decoder — bpp mismatch in LAB 16-bit mode
Details

SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. Prior to commit c930284445ea3ff94451ccd7a57c999eca3bc979, the PSD codec computes bytes-per-pixel (bpp) from raw header fields channels * depth, but the pixel buffer is allocated based on the resolved pixel format. For LAB mode with channels=3, depth=16, bpp = (3*16+7)/8 = 6, but the format BPP40_CIE_LAB allocates only 5 bytes per pixel. Every pixel write overshoots, causing a deterministic heap buffer overflow on every row. Commit c930284445ea3ff94451ccd7a57c999eca3bc979 contains a patch.

Database specific
{
    "unresolved_ranges": [
        {
            "source": "AFFECTED_FIELD",
            "extracted_events": [
                {
                    "fixed": "c930284445ea3ff94451ccd7a57c999eca3bc979"
                }
            ]
        }
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/40xxx/CVE-2026-40493.json",
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-787"
    ]
}
References

Affected packages

Git / github.com/happyseafox/sail

Affected ranges

Type
GIT
Repo
https://github.com/happyseafox/sail
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "source": "REFERENCES"
}

Affected versions

v0.*
v0.9.0
v0.9.0-pre1
v0.9.0-pre10
v0.9.0-pre11
v0.9.0-pre12
v0.9.0-pre13
v0.9.0-pre14
v0.9.0-pre15
v0.9.0-pre16
v0.9.0-pre17
v0.9.0-pre18
v0.9.0-pre19
v0.9.0-pre2
v0.9.0-pre20
v0.9.0-pre21
v0.9.0-pre22
v0.9.0-pre23
v0.9.0-pre3
v0.9.0-pre4
v0.9.0-pre5
v0.9.0-pre6
v0.9.0-pre7
v0.9.0-pre8
v0.9.0-pre9
v0.9.0-rc1
v0.9.0-rc2
v0.9.0-rc3
v0.9.1
v0.9.10
v0.9.2
v0.9.3
v0.9.4
v0.9.5
v0.9.6
v0.9.7
v0.9.8
v0.9.9

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-40493.json"