Nixpkgs security tracker

Login with GitHub

⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestion detail

Untriaged

Permalink CVE-2026-40493

9.8 CRITICAL

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH

created 4 days, 20 hours ago Activity log

Created suggestion 4 days, 20 hours ago

SAIL has heap buffer overflow in PSD decoder — bpp mismatch in LAB 16-bit mode

SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. Prior to commit c930284445ea3ff94451ccd7a57c999eca3bc979, the PSD codec computes bytes-per-pixel (`bpp`) from raw header fields `channels * depth`, but the pixel buffer is allocated based on the resolved pixel format. For LAB mode with `channels=3, depth=16`, `bpp = (3*16+7)/8 = 6`, but the format `BPP40_CIE_LAB` allocates only 5 bytes per pixel. Every pixel write overshoots, causing a deterministic heap buffer overflow on every row. Commit c930284445ea3ff94451ccd7a57c999eca3bc979 contains a patch.

References

https://github.com/HappySeaFox/sail/security/advisories/GHSA-rcqx-gc76-r9mv x_refsource_CONFIRM
https://github.com/HappySeaFox/sail/commit/c930284445ea3ff94451ccd7a57c999eca3bc979 x_refsource_MISC

Affected products

sail

==< c930284445ea3ff94451ccd7a57c999eca3bc979

Matching in nixpkgs

pkgs.sail

Spark-compatible compute engine built on Apache Arrow and DataFusion

nixos-unstable 0.5.3
- nixpkgs-unstable 0.5.3
- nixos-unstable-small 0.5.3

pkgs.sailsd

Simulator daemon for autonomous sailing boats

nixos-unstable 0.3.0
- nixpkgs-unstable 0.3.0
- nixos-unstable-small 0.3.0
nixos-25.11 0.3.0
- nixos-25.11-small 0.3.0
- nixpkgs-25.11-darwin 0.3.0

pkgs.mainsail

Web interface for managing and controlling 3D printers with Klipper

nixos-unstable 2.17.0
- nixpkgs-unstable 2.17.0
- nixos-unstable-small 2.17.0
nixos-25.11 2.14.0
- nixos-25.11-small 2.14.0
- nixpkgs-25.11-darwin 2.14.0

pkgs.sail-riscv

Formal specification of the RISC-V architecture, written in Sail

nixos-unstable 0.8
- nixpkgs-unstable 0.8
- nixos-unstable-small 0.8
nixos-25.11 0.8
- nixos-25.11-small 0.8
- nixpkgs-25.11-darwin 0.8

pkgs.ocamlPackages.sail

Language for describing the instruction-set architecture (ISA) semantics of processors

nixos-unstable 0.20.1
- nixpkgs-unstable 0.20.1
- nixos-unstable-small 0.20.1
nixos-25.11 0.20
- nixos-25.11-small 0.20
- nixpkgs-25.11-darwin 0.20

pkgs.sailfish-access-control

Thin wrapper on top of pwd.h and grp.h of glibc

nixos-unstable 0.0.12
- nixpkgs-unstable 0.0.12
- nixos-unstable-small 0.0.12
nixos-25.11 0.0.12
- nixos-25.11-small 0.0.12
- nixpkgs-25.11-darwin 0.0.12

pkgs.ocamlPackages_latest.sail

Language for describing the instruction-set architecture (ISA) semantics of processors

nixos-unstable 0.20.1
- nixpkgs-unstable 0.20.1
- nixos-unstable-small 0.20.1

pkgs.haskellPackages.amazonka-lightsail

Amazon Lightsail SDK

nixos-unstable 2.0-unstable-2025-04-16
- nixpkgs-unstable 2.0-unstable-2025-04-16
- nixos-unstable-small 2.0-unstable-2025-04-16
nixos-25.11 2.0-unstable-2025-04-16
- nixos-25.11-small 2.0-unstable-2025-04-16
- nixpkgs-25.11-darwin 2.0-unstable-2025-04-16

pkgs.python312Packages.mypy-boto3-lightsail

Type annotations for boto3 lightsail

nixos-25.11 boto3-lightsail-1.41.0
- nixos-25.11-small boto3-lightsail-1.41.0
- nixpkgs-25.11-darwin boto3-lightsail-1.41.0

pkgs.python313Packages.mypy-boto3-lightsail

Type annotations for boto3 lightsail

nixos-unstable boto3-lightsail-1.42.84
- nixpkgs-unstable boto3-lightsail-1.42.84
- nixos-unstable-small boto3-lightsail-1.42.84
nixos-25.11 boto3-lightsail-1.41.0
- nixos-25.11-small boto3-lightsail-1.41.0
- nixpkgs-25.11-darwin boto3-lightsail-1.41.0

pkgs.python314Packages.mypy-boto3-lightsail

Type annotations for boto3 lightsail

nixos-unstable boto3-lightsail-1.42.84
- nixpkgs-unstable boto3-lightsail-1.42.84
- nixos-unstable-small boto3-lightsail-1.42.84

pkgs.libsForQt5.sailfish-access-control-plugin

QML interface for sailfish-access-control

nixos-unstable 0.0.12
- nixpkgs-unstable 0.0.12
- nixos-unstable-small 0.0.12
nixos-25.11 0.0.12
- nixos-25.11-small 0.0.12
- nixpkgs-25.11-darwin 0.0.12

pkgs.kdePackages.sailfish-access-control-plugin

QML interface for sailfish-access-control

nixos-unstable 0.0.12
- nixpkgs-unstable 0.0.12
- nixos-unstable-small 0.0.12
nixos-25.11 0.0.12
- nixos-25.11-small 0.0.12
- nixpkgs-25.11-darwin 0.0.12

pkgs.qt6Packages.sailfish-access-control-plugin

QML interface for sailfish-access-control

nixos-unstable 0.0.12
- nixpkgs-unstable 0.0.12
- nixos-unstable-small 0.0.12
nixos-25.11 0.0.12
- nixos-25.11-small 0.0.12
- nixpkgs-25.11-darwin 0.0.12

pkgs.python312Packages.types-aiobotocore-lightsail

Type annotations for aiobotocore lightsail

nixos-25.11 2.25.2
- nixos-25.11-small 2.25.2
- nixpkgs-25.11-darwin 2.25.2

pkgs.python313Packages.types-aiobotocore-lightsail

Type annotations for aiobotocore lightsail

nixos-unstable 3.2.1
- nixpkgs-unstable 3.2.1
- nixos-unstable-small 3.2.1
nixos-25.11 2.25.2
- nixos-25.11-small 2.25.2
- nixpkgs-25.11-darwin 2.25.2

pkgs.plasma5Packages.sailfish-access-control-plugin

QML interface for sailfish-access-control

nixos-unstable 0.0.12
- nixpkgs-unstable 0.0.12
- nixos-unstable-small 0.0.12
nixos-25.11 0.0.12
- nixos-25.11-small 0.0.12
- nixpkgs-25.11-darwin 0.0.12

Package maintainers

@OPNA2608 Cosima Neidahl <opna2608@protonmail.com>
@lovesegfault Bernardo Meurer <meurerbernardo@gmail.com>
@Wulfsta Wulfsta <wulfstawulfsta@gmail.com>
@fabaff Fabian Affolter <mail@fabian-affolter.ch>
@davidlghellin David López <hola@devel0pez.com>
@kragniz Louis Taylor <louis@kragniz.eu>
@mbalatsko Maksym Balatsko <mbalatsko@gmail.com>