← All reports

The SAIL library has critical vulnerabilities in its XWD, PSD, and TGA codecs that could lead to security risks.

CybersecurityApr 18, 2026score 0.173 posts · 0 replies across 1 instances
This thread discusses three critical vulnerabilities in the SAIL library, each affecting different image codecs (XWD, PSD, TGA) and highlighting potential security risks in image processing software. These vulnerabilities are rated as critical and have been disclosed through CVE identifiers.

Claims

The SAIL library has critical vulnerabilities in its XWD, PSD, and TGA codecs that could lead to security risks.
Parent: Software SecurityEntity: SAIL LibrarySub-entity: Image CodecsImpact: negativeDate: Apr 18, 2026Target: The security of the SAIL library's image codecs

Source posts

@[email protected]
🔴 CVE-2026-40494 - Critical (9.8) SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. Prior to commit 45d48d1f2e8e0d73e80bc1fd5310cb57f4547302, the TGA codec's RLE decoder in `tga.c` has an asymmetric bounds check ... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-40494/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
1 boosts · 0 favs · 0 replies · Apr 18, 2026
#cve#vulnerability#infosec#cybersecurity#security#tenda
@[email protected]
🔴 CVE-2026-40493 - Critical (9.8) SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. Prior to commit c930284445ea3ff94451ccd7a57c999eca3bc979, the PSD codec computes bytes-per-pixel (`bpp`) from raw header fields ... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-40493/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
1 boosts · 0 favs · 0 replies · Apr 18, 2026
#security#tenda#patchstack#cve#vulnerability#infosec
@[email protected]
🔴 CVE-2026-40492 - Critical (9.8) SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. Prior to commit 36aa5c7ec8a2bb35f6fb867a1177a6f141156b02, the XWD codec resolves pixel format based on `pixmap_depth` but the by... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-40492/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
1 boosts · 0 favs · 0 replies · Apr 18, 2026
#cve#vulnerability#infosec#cybersecurity#security#tenda