Nixpkgs security tracker

Login with GitHub
⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestion detail

Untriaged
Permalink CVE-2026-27168
8.8 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): ADJACENT_NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 2 months ago Activity log
  • Created suggestion 2 months ago
SAIL: Heap-based Buffer Overflow in Sail-codecs-xwd

SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. All versions are vulnerable to Heap-based Buffer Overflow through the XWD parser's use of the bytes_per_line value. The value os read directly from the file as the read size in io->strict_read(), and is never compared to the actual size of the destination buffer. An attacker can provide an XWD file with an arbitrarily large bytes_per_line, causing a massive write operation beyond the buffer heap allocated for the image pixels. The issue did not have a fix at the time of publication.

Affected products

sail
  • ==<= 0.9.10

Matching in nixpkgs

pkgs.sail

Spark-compatible compute engine built on Apache Arrow and DataFusion

  • nixos-unstable -
    • nixpkgs-unstable 0.5.0
    • nixos-unstable-small 0.5.0

pkgs.sailsd

Simulator daemon for autonomous sailing boats

pkgs.mainsail

Web interface for managing and controlling 3D printers with Klipper

pkgs.sail-riscv

Formal specification of the RISC-V architecture, written in Sail

  • nixos-unstable 0.8
    • nixpkgs-unstable 0.8
    • nixos-unstable-small 0.8
  • nixos-25.11 0.8
    • nixos-25.11-small 0.8
    • nixpkgs-25.11-darwin 0.8

pkgs.ocamlPackages.sail

Language for describing the instruction-set architecture (ISA) semantics of processors