8.8 HIGH
- CVSS version: 3.1
- Attack vector (AV): ADJACENT_NETWORK
- Attack complexity (AC): LOW
- Privileges required (PR): NONE
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): HIGH
- Integrity impact (I): HIGH
- Availability impact (A): HIGH
SAIL: Heap-based Buffer Overflow in Sail-codecs-xwd
SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. All versions are vulnerable to Heap-based Buffer Overflow through the XWD parser's use of the bytes_per_line value. The value os read directly from the file as the read size in io->strict_read(), and is never compared to the actual size of the destination buffer. An attacker can provide an XWD file with an arbitrarily large bytes_per_line, causing a massive write operation beyond the buffer heap allocated for the image pixels. The issue did not have a fix at the time of publication.
References
- https://github.com/HappySeaFox/sail/security/advisories/GHSA-3g38-x2pj-mv55 x_refsource_CONFIRM
Affected products
- ==<= 0.9.10
Matching in nixpkgs
pkgs.sail
Spark-compatible compute engine built on Apache Arrow and DataFusion
pkgs.sailsd
Simulator daemon for autonomous sailing boats
pkgs.mainsail
Web interface for managing and controlling 3D printers with Klipper
pkgs.sail-riscv
Formal specification of the RISC-V architecture, written in Sail
pkgs.ocamlPackages.sail
Language for describing the instruction-set architecture (ISA) semantics of processors
pkgs.sailfish-access-control
Thin wrapper on top of pwd.h and grp.h of glibc
pkgs.ocamlPackages_latest.sail
Language for describing the instruction-set architecture (ISA) semantics of processors
pkgs.haskellPackages.amazonka-lightsail
Amazon Lightsail SDK
-
nixos-unstable 2.0-unstable-2025-04-16
- nixpkgs-unstable 2.0-unstable-2025-04-16
- nixos-unstable-small 2.0-unstable-2025-04-16
-
nixos-25.11 2.0-unstable-2025-04-16
- nixos-25.11-small 2.0-unstable-2025-04-16
- nixpkgs-25.11-darwin 2.0-unstable-2025-04-16
pkgs.python312Packages.mypy-boto3-lightsail
Type annotations for boto3 lightsail
-
nixos-25.11 boto3-lightsail-1.41.0
- nixos-25.11-small boto3-lightsail-1.41.0
- nixpkgs-25.11-darwin boto3-lightsail-1.41.0
pkgs.python313Packages.mypy-boto3-lightsail
Type annotations for boto3 lightsail
-
nixos-unstable boto3-lightsail-1.42.3
- nixpkgs-unstable boto3-lightsail-1.42.3
- nixos-unstable-small boto3-lightsail-1.42.3
-
nixos-25.11 boto3-lightsail-1.41.0
- nixos-25.11-small boto3-lightsail-1.41.0
- nixpkgs-25.11-darwin boto3-lightsail-1.41.0
pkgs.python314Packages.mypy-boto3-lightsail
Type annotations for boto3 lightsail
-
nixos-unstable boto3-lightsail-1.42.3
- nixpkgs-unstable boto3-lightsail-1.42.3
- nixos-unstable-small boto3-lightsail-1.42.3
pkgs.libsForQt5.sailfish-access-control-plugin
QML interface for sailfish-access-control
pkgs.kdePackages.sailfish-access-control-plugin
QML interface for sailfish-access-control
pkgs.qt6Packages.sailfish-access-control-plugin
QML interface for sailfish-access-control
pkgs.python312Packages.types-aiobotocore-lightsail
Type annotations for aiobotocore lightsail
pkgs.python313Packages.types-aiobotocore-lightsail
Type annotations for aiobotocore lightsail
Package maintainers
-
@OPNA2608 Cosima Neidahl <opna2608@protonmail.com>
-
@lovesegfault Bernardo Meurer <meurerbernardo@gmail.com>
-
@Wulfsta Wulfsta <wulfstawulfsta@gmail.com>
-
@shhht shhht <stp.tjeerd@gmail.com>
-
@fabaff Fabian Affolter <mail@fabian-affolter.ch>
-
@mbalatsko Maksym Balatsko <mbalatsko@gmail.com>
-
@GenericNerdyUsername GenericNerdyUsername <genericnerdyusername@proton.me>
-
@kragniz Louis Taylor <louis@kragniz.eu>
-
@davidlghellin David López <hola@devel0pez.com>