The Sail image processing library has multiple high-severity vulnerabilities in its TGA, PSD, and XWD codecs that could lead to security risks.

🚨 EUVD-2026-23644 📊 Score: 9.8/10 (CVSS v3.1) 📦 Product: sail 🏢 Vendor: HappySeaFox 📅 Updated: 2026-04-18 📝 SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. Prior to commit 36aa5c7ec8a2bb35f6fb867a1177a6f141156b02, the XWD codec resolves pixel format based on `pixmap_depth` but the byte-swap co... 🔗 https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-23644 #cybersecurity #infosec #euvd #cve #vulnerability

🚨 EUVD-2026-23646 📊 Score: 9.8/10 (CVSS v3.1) 📦 Product: sail 🏢 Vendor: HappySeaFox 📅 Updated: 2026-04-18 📝 SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. Prior to commit c930284445ea3ff94451ccd7a57c999eca3bc979, the PSD codec computes bytes-per-pixel (`bpp`) from raw header fields `channels ... 🔗 https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-23646 #cybersecurity #infosec #euvd #cve #vulnerability

🚨 EUVD-2026-23648 📊 Score: 9.8/10 (CVSS v3.1) 📦 Product: sail 🏢 Vendor: HappySeaFox 📅 Updated: 2026-04-18 📝 SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. Prior to commit 45d48d1f2e8e0d73e80bc1fd5310cb57f4547302, the TGA codec's RLE decoder in `tga.c` has an asymmetric bounds check vulnerabil... 🔗 https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-23648 #cybersecurity #infosec #euvd #cve #vulnerability