{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-27168", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-02-18T00:18:53.963Z", "datePublished": "2026-02-20T23:34:54.580Z", "dateUpdated": "2026-02-25T21:27:45.488Z"}, "containers": {"cna": {"title": "SAIL: Heap-based Buffer Overflow in Sail-codecs-xwd", "problemTypes": [{"descriptions": [{"cweId": "CWE-122", "lang": "en", "description": "CWE-122: Heap-based Buffer Overflow", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/HappySeaFox/sail/security/advisories/GHSA-3g38-x2pj-mv55", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/HappySeaFox/sail/security/advisories/GHSA-3g38-x2pj-mv55"}], "affected": [{"vendor": "HappySeaFox", "product": "sail", "versions": [{"version": "<= 0.9.10", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-02-20T23:34:54.580Z"}, "descriptions": [{"lang": "en", "value": "SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. All versions are vulnerable to Heap-based Buffer Overflow through the XWD parser's use of the bytes_per_line value. The value os read directly from the file as the read size in io->strict_read(), and is never compared to the actual size of the destination buffer. An attacker can provide an XWD file with an arbitrarily large bytes_per_line, causing a massive write operation beyond the buffer heap allocated for the image pixels. The issue did not have a fix at the time of publication."}], "source": {"advisory": "GHSA-3g38-x2pj-mv55", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-25T21:27:33.611904Z", "id": "CVE-2026-27168", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-25T21:27:45.488Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-27168", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-02-25T21:27:33.611904Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-25T21:27:40.748Z"}}], "cna": {"title": "SAIL: Heap-based Buffer Overflow in Sail-codecs-xwd", "source": {"advisory": "GHSA-3g38-x2pj-mv55", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "HappySeaFox", "product": "sail", "versions": [{"status": "affected", "version": "<= 0.9.10"}]}], "references": [{"url": "https://github.com/HappySeaFox/sail/security/advisories/GHSA-3g38-x2pj-mv55", "name": "https://github.com/HappySeaFox/sail/security/advisories/GHSA-3g38-x2pj-mv55", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. All versions are vulnerable to Heap-based Buffer Overflow through the XWD parser's use of the bytes_per_line value. The value os read directly from the file as the read size in io->strict_read(), and is never compared to the actual size of the destination buffer. An attacker can provide an XWD file with an arbitrarily large bytes_per_line, causing a massive write operation beyond the buffer heap allocated for the image pixels. The issue did not have a fix at the time of publication."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-122", "description": "CWE-122: Heap-based Buffer Overflow"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-02-20T23:34:54.580Z"}}}, "cveMetadata": {"cveId": "CVE-2026-27168", "state": "PUBLISHED", "dateUpdated": "2026-02-25T21:27:45.488Z", "dateReserved": "2026-02-18T00:18:53.963Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-02-20T23:34:54.580Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sail:sail:*:*:*:*:*:*:*:*", "matchCriteriaId": "A15F82CC-0250-4354-9924-7ED09BAB716F", "versionEndIncluding": "0.9.10", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. All versions are vulnerable to Heap-based Buffer Overflow through the XWD parser's use of the bytes_per_line value. The value os read directly from the file as the read size in io->strict_read(), and is never compared to the actual size of the destination buffer. An attacker can provide an XWD file with an arbitrarily large bytes_per_line, causing a massive write operation beyond the buffer heap allocated for the image pixels. The issue did not have a fix at the time of publication."}, {"lang": "es", "value": "SAIL es una biblioteca multiplataforma para cargar y guardar im\u00e1genes con soporte para animaci\u00f3n, metadatos y perfiles ICC. Todas las versiones son vulnerables a desbordamiento de b\u00fafer basado en mont\u00edculo a trav\u00e9s del uso del valor bytes_per_line por parte del analizador XWD. El valor se lee directamente del archivo como el tama\u00f1o de lectura en io-&gt;strict_read(), y nunca se compara con el tama\u00f1o real del b\u00fafer de destino. Un atacante puede proporcionar un archivo XWD con un bytes_per_line arbitrariamente grande, causando una operaci\u00f3n de escritura masiva m\u00e1s all\u00e1 del b\u00fafer de mont\u00edculo asignado para los p\u00edxeles de la imagen. El problema no ten\u00eda una soluci\u00f3n en el momento de la publicaci\u00f3n."}], "id": "CVE-2026-27168", "lastModified": "2026-03-02T13:28:55.607", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-02-21T00:16:16.640", "references": [{"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/HappySeaFox/sail/security/advisories/GHSA-3g38-x2pj-mv55"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-122"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,0.9.10]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "sail", "source": "cna", "vendor": "HappySeaFox"}, "product": "sail", "vendor": "happyseafox"}], "analysis": {"en": {"generated_at": "2026-04-17T16:58:00.009624+00:00", "value": {"mitigation_remediation": ["Disable or restrict the use of XWD file loading in any application that uses the SAIL library; reject or remove support for XWD files from untrusted sources.", "Monitor the GitHub Advisory and the HappySeaFox repository for a patch; upgrade to a fixed release as soon as available.", "If disabling XWD is not feasible, implement custom bounds checking on the bytes_per_line value before passing it to the read function, or replace the parser with a safer implementation that validates the buffer size."], "summary": {"action": "Mitigate Promptly", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "All releases of the HappySeaFox SAIL library are affected. The advisory lists the product as HappySeaFox:sail and indicates that every version contains the vulnerability. No specific version ranges are provided, so any deployment of the library, regardless of version, should be considered vulnerable.", "description_and_impact": "SAIL is a cross\u2011platform image library used to load and save images with animation, metadata, and ICC profiles. The vulnerability is a heap\u2011based buffer overflow in the XWD file parser; the parser reads the bytes_per_line field from the file and uses it directly as the read size without verifying the destination buffer size. An attacker can supply an XWD file with a very large bytes_per_line value, causing an out\u2011of\u2011bounds write that can corrupt the heap and potentially lead to arbitrary code execution or a denial\u2011of\u2011service crash. The weakness is a classic buffer overrun identified as CWE\u2011122.", "risk_and_exploitability": "The advisory assigns a CVSS v3 score of 8.8, indicating high severity, but the EPSS score is less than 1% and the vulnerability is not in CISA\u2019s KEV catalog. This suggests that exploitation is technically feasible but requires an attacker to supply a crafted XWD file and the target application must be processing such files. The attack vector is likely through file upload or remote file inclusion, and mitigation actions are required until a patch is released. The risk remains significant for systems that accept untrusted image files."}}}}, "created": "2026-02-23T14:33:00.324310+00:00", "updated": "2026-04-17T17:00:10.203705+00:00", "vendors": ["happyseafox", "happyseafox$PRODUCT$sail"]}