CVE-2026-40493

CRITICAL 9.8

SAIL has heap buffer overflow in PSD decoder — bpp mismatch in LAB 16-bit mode

CVSS Score

9.8

EPSS Score

0.0%

EPSS Percentile

0th

SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. Prior to commit c930284445ea3ff94451ccd7a57c999eca3bc979, the PSD codec computes bytes-per-pixel (`bpp`) from raw header fields `channels * depth`, but the pixel buffer is allocated based on the resolved pixel format. For LAB mode with `channels=3, depth=16`, `bpp = (3*16+7)/8 = 6`, but the format `BPP40_CIE_LAB` allocates only 5 bytes per pixel. Every pixel write overshoots, causing a deterministic heap buffer overflow on every row. Commit c930284445ea3ff94451ccd7a57c999eca3bc979 contains a patch.

CWE	CWE-787
Vendor	happyseafox
Product	sail
Published	Apr 18, 2026

Stay Ahead of the Next One

Get instant alerts for happyseafox sail

Be the first to know when new critical vulnerabilities affecting happyseafox sail are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected Versions

HappySeaFox / sail

< c930284445ea3ff94451ccd7a57c999eca3bc979

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/HappySeaFox/sail/security/advisories/GHSA-rcqx-gc76-r9mv github.com: https://github.com/HappySeaFox/sail/commit/c930284445ea3ff94451ccd7a57c999eca3bc979