CVE-2026-40492 - Vulnerability Analysis
Critical | CVSS: 9.8 | Last Updated: April 18, 2026
SAIL - Buffer Overflow
Overview
SAIL contains a buffer overflow caused by inconsistent use of `pixmap_depth` and `bits_per_pixel` in the byte-swap code of the XWD codec. An attacker can use this to cause memory corruption. Exploitation requires crafted image input.
Impact
Attackers can cause memory corruption leading to potential denial of service or code execution.
Mitigation
Update to a version that includes commit 36aa5c7ec8a2bb35f6fb867a1177a6f141156b02 or later.
Social Media Activity (2 posts)
CVE-2026-40492 - Critical (9.8) SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. Prior to commit 36aa5c7ec8a2bb35f6fb867a1177a6f141156b02, the XWD codec resolves pixel format based on `pixmap_depth` but the by... https://www.thehackerwire.com/vulnerability/CVE-2026-40492/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
Details
- CVE ID: CVE-2026-40492
- Severity: Critical
- CVSS Score: 9.8
- Type: buffer_overflow
- Status: new
- EPSS: 0.0%
- Social Posts: 2
CWE
- CWE-787
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H