CVE-2026-35444: CWE-125: Out-of-bounds Read in libsdl-org SDL_image
CVE-2026-35444 is a high-severity vulnerability in the SDL_image library where out-of-bounds reads occur due to improper validation of pixel indices against the colormap size in XCF image processing. This flaw allows heap memory beyond the colormap allocation to be read and leaked into the rendered image surface. The issue affects versions of SDL_image prior to the commit 996bf12888925932daace576e09c3053410896f8, which contains the fix. There are no known exploits in the wild at this time.
AI Analysis
Technical Summary
SDL_image's do_layer_surface() function in src/IMG_xcf.c uses pixel index values from decoded XCF tile data directly as colormap indices without validating them against the colormap size (cm_num). This leads to heap out-of-bounds reads of up to 762 bytes past the colormap allocation when processing crafted .xcf files with small colormaps and out-of-range pixel indices. Both 1-bit and 2-bit per pixel indexed image code paths are affected. The leaked heap bytes are written into the output surface pixel data, potentially exposing memory contents in the rendered image. The vulnerability is fixed in commit 996bf12888925932daace576e09c3053410896f8.
Potential Impact
An attacker can craft a malicious .xcf image file that triggers heap out-of-bounds reads during image loading, causing memory beyond the colormap to be leaked into the rendered image surface. This can lead to exposure of sensitive memory contents (confidentiality impact). There is no indication of integrity or availability impact. The CVSS score is 7.1 (high), reflecting network attack vector, low complexity, no privileges required, user interaction required, and high confidentiality impact.
Mitigation Recommendations
A fix for this vulnerability is available and included in commit 996bf12888925932daace576e09c3053410896f8. Users should update SDL_image to a version that includes this commit or later. Since this is a library, integrating the patched version into dependent projects is necessary to mitigate the issue. No other vendor advisory or temporary fix information is provided. Patch status is confirmed by the vendor commit reference.
CVE-2026-35444: CWE-125: Out-of-bounds Read in libsdl-org SDL_image
Description
CVE-2026-35444 is a high-severity vulnerability in the SDL_image library where out-of-bounds reads occur due to improper validation of pixel indices against the colormap size in XCF image processing. This flaw allows heap memory beyond the colormap allocation to be read and leaked into the rendered image surface. The issue affects versions of SDL_image prior to the commit 996bf12888925932daace576e09c3053410896f8, which contains the fix. There are no known exploits in the wild at this time.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
SDL_image's do_layer_surface() function in src/IMG_xcf.c uses pixel index values from decoded XCF tile data directly as colormap indices without validating them against the colormap size (cm_num). This leads to heap out-of-bounds reads of up to 762 bytes past the colormap allocation when processing crafted .xcf files with small colormaps and out-of-range pixel indices. Both 1-bit and 2-bit per pixel indexed image code paths are affected. The leaked heap bytes are written into the output surface pixel data, potentially exposing memory contents in the rendered image. The vulnerability is fixed in commit 996bf12888925932daace576e09c3053410896f8.
Potential Impact
An attacker can craft a malicious .xcf image file that triggers heap out-of-bounds reads during image loading, causing memory beyond the colormap to be leaked into the rendered image surface. This can lead to exposure of sensitive memory contents (confidentiality impact). There is no indication of integrity or availability impact. The CVSS score is 7.1 (high), reflecting network attack vector, low complexity, no privileges required, user interaction required, and high confidentiality impact.
Mitigation Recommendations
A fix for this vulnerability is available and included in commit 996bf12888925932daace576e09c3053410896f8. Users should update SDL_image to a version that includes this commit or later. Since this is a library, integrating the patched version into dependent projects is necessary to mitigate the issue. No other vendor advisory or temporary fix information is provided. Patch status is confirmed by the vendor commit reference.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-04-02T19:25:52.192Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69d42d0d0a160ebd92e15bc8
Added to database: 4/6/2026, 10:00:45 PM
Last enriched: 4/6/2026, 10:15:38 PM
Last updated: 4/7/2026, 3:24:21 AM
Views: 5
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.