CVE-2026-40492: CWE-787: Out-of-bounds Write in HappySeaFox sail
CVE-2026-40492 is a critical out-of-bounds write vulnerability in the HappySeaFox sail library, which handles image loading and saving. The flaw occurs when the XWD codec incorrectly uses bits_per_pixel instead of pixmap_depth for byte-swapping, causing memory access beyond the allocated buffer. This can lead to corruption of memory, potentially allowing an attacker to execute arbitrary code or cause a denial of service. The vulnerability affects versions of sail prior to commit 36aa5c7ec8a2bb35f6fb867a1177a6f141156b02. A patch addressing this issue was introduced in that commit. The CVSS score is 9. 8, indicating a critical severity level. No known exploits are reported in the wild at this time.
AI Analysis
Technical Summary
The HappySeaFox sail library's XWD codec resolves pixel format based on pixmap_depth but performs byte-swapping using bits_per_pixel independently. When pixmap_depth is 8 (indicating a 1 byte/pixel buffer) but bits_per_pixel is 32, the byte-swap loop accesses memory as uint32_t*, reading and writing four times the allocated buffer size. This out-of-bounds write (CWE-787) can cause memory corruption. This vulnerability is distinct from a previously reported issue (CVE-2026-27168) related to bytes_per_line validation. The issue was fixed in commit 36aa5c7ec8a2bb35f6fb867a1177a6f141156b02.
Potential Impact
Successful exploitation of this vulnerability can result in high impact including complete confidentiality, integrity, and availability compromise of affected systems. The out-of-bounds write can lead to arbitrary code execution or denial of service due to memory corruption. The CVSS score of 9.8 reflects the critical nature of this vulnerability with network attack vector, no required privileges or user interaction, and high impact on confidentiality, integrity, and availability.
Mitigation Recommendations
A patch fixing this vulnerability was introduced in commit 36aa5c7ec8a2bb35f6fb867a1177a6f141156b02 of the HappySeaFox sail library. Users and maintainers should update to this version or later to remediate the issue. No additional vendor advisory or official fix details are provided, so verifying the update and applying it is the recommended mitigation. Patch status is confirmed by the presence of the fixing commit.
CVE-2026-40492: CWE-787: Out-of-bounds Write in HappySeaFox sail
Description
CVE-2026-40492 is a critical out-of-bounds write vulnerability in the HappySeaFox sail library, which handles image loading and saving. The flaw occurs when the XWD codec incorrectly uses bits_per_pixel instead of pixmap_depth for byte-swapping, causing memory access beyond the allocated buffer. This can lead to corruption of memory, potentially allowing an attacker to execute arbitrary code or cause a denial of service. The vulnerability affects versions of sail prior to commit 36aa5c7ec8a2bb35f6fb867a1177a6f141156b02. A patch addressing this issue was introduced in that commit. The CVSS score is 9. 8, indicating a critical severity level. No known exploits are reported in the wild at this time.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The HappySeaFox sail library's XWD codec resolves pixel format based on pixmap_depth but performs byte-swapping using bits_per_pixel independently. When pixmap_depth is 8 (indicating a 1 byte/pixel buffer) but bits_per_pixel is 32, the byte-swap loop accesses memory as uint32_t*, reading and writing four times the allocated buffer size. This out-of-bounds write (CWE-787) can cause memory corruption. This vulnerability is distinct from a previously reported issue (CVE-2026-27168) related to bytes_per_line validation. The issue was fixed in commit 36aa5c7ec8a2bb35f6fb867a1177a6f141156b02.
Potential Impact
Successful exploitation of this vulnerability can result in high impact including complete confidentiality, integrity, and availability compromise of affected systems. The out-of-bounds write can lead to arbitrary code execution or denial of service due to memory corruption. The CVSS score of 9.8 reflects the critical nature of this vulnerability with network attack vector, no required privileges or user interaction, and high impact on confidentiality, integrity, and availability.
Mitigation Recommendations
A patch fixing this vulnerability was introduced in commit 36aa5c7ec8a2bb35f6fb867a1177a6f141156b02 of the HappySeaFox sail library. Users and maintainers should update to this version or later to remediate the issue. No additional vendor advisory or official fix details are provided, so verifying the update and applying it is the recommended mitigation. Patch status is confirmed by the presence of the fixing commit.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-04-13T19:50:42.115Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69e2ee8ebdfbbecc59cda5d7
Added to database: 4/18/2026, 2:38:06 AM
Last enriched: 4/18/2026, 2:53:19 AM
Last updated: 4/18/2026, 4:40:15 AM
Views: 7
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.