Nixpkgs security tracker

Login with GitHub

⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestion detail

Untriaged

Permalink CVE-2026-40494

9.8 CRITICAL

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH

created 4 days, 20 hours ago Activity log

Created suggestion 4 days, 20 hours ago

SAIL has heap buffer overflow in TGA RLE decoder — raw packet path missing bounds check

SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. Prior to commit 45d48d1f2e8e0d73e80bc1fd5310cb57f4547302, the TGA codec's RLE decoder in `tga.c` has an asymmetric bounds check vulnerability. The run-packet path (line 297) correctly clamps the repeat count to the remaining buffer space, but the raw-packet path (line 305-311) has no equivalent bounds check. This allows writing up to 496 bytes of attacker-controlled data past the end of a heap buffer. Commit 45d48d1f2e8e0d73e80bc1fd5310cb57f4547302 patches the issue.

References

https://github.com/HappySeaFox/sail/security/advisories/GHSA-cp2j-rwh4-r46f x_refsource_CONFIRM
https://github.com/HappySeaFox/sail/commit/45d48d1f2e8e0d73e80bc1fd5310cb57f4547302 x_refsource_MISC

Affected products

sail

==< 45d48d1f2e8e0d73e80bc1fd5310cb57f4547302

Matching in nixpkgs

pkgs.sail

Spark-compatible compute engine built on Apache Arrow and DataFusion

nixos-unstable 0.5.3
- nixpkgs-unstable 0.5.3
- nixos-unstable-small 0.5.3

pkgs.sailsd

Simulator daemon for autonomous sailing boats

nixos-unstable 0.3.0
- nixpkgs-unstable 0.3.0
- nixos-unstable-small 0.3.0
nixos-25.11 0.3.0
- nixos-25.11-small 0.3.0
- nixpkgs-25.11-darwin 0.3.0

pkgs.mainsail

Web interface for managing and controlling 3D printers with Klipper

nixos-unstable 2.17.0
- nixpkgs-unstable 2.17.0
- nixos-unstable-small 2.17.0
nixos-25.11 2.14.0
- nixos-25.11-small 2.14.0
- nixpkgs-25.11-darwin 2.14.0

pkgs.sail-riscv

Formal specification of the RISC-V architecture, written in Sail

nixos-unstable 0.8
- nixpkgs-unstable 0.8
- nixos-unstable-small 0.8
nixos-25.11 0.8
- nixos-25.11-small 0.8
- nixpkgs-25.11-darwin 0.8

pkgs.ocamlPackages.sail

Language for describing the instruction-set architecture (ISA) semantics of processors

nixos-unstable 0.20.1
- nixpkgs-unstable 0.20.1
- nixos-unstable-small 0.20.1
nixos-25.11 0.20
- nixos-25.11-small 0.20
- nixpkgs-25.11-darwin 0.20

pkgs.sailfish-access-control

Thin wrapper on top of pwd.h and grp.h of glibc

nixos-unstable 0.0.12
- nixpkgs-unstable 0.0.12
- nixos-unstable-small 0.0.12
nixos-25.11 0.0.12
- nixos-25.11-small 0.0.12
- nixpkgs-25.11-darwin 0.0.12

pkgs.ocamlPackages_latest.sail

Language for describing the instruction-set architecture (ISA) semantics of processors

nixos-unstable 0.20.1
- nixpkgs-unstable 0.20.1
- nixos-unstable-small 0.20.1

pkgs.haskellPackages.amazonka-lightsail

Amazon Lightsail SDK

nixos-unstable 2.0-unstable-2025-04-16
- nixpkgs-unstable 2.0-unstable-2025-04-16
- nixos-unstable-small 2.0-unstable-2025-04-16
nixos-25.11 2.0-unstable-2025-04-16
- nixos-25.11-small 2.0-unstable-2025-04-16
- nixpkgs-25.11-darwin 2.0-unstable-2025-04-16

pkgs.python312Packages.mypy-boto3-lightsail

Type annotations for boto3 lightsail

nixos-25.11 boto3-lightsail-1.41.0
- nixos-25.11-small boto3-lightsail-1.41.0
- nixpkgs-25.11-darwin boto3-lightsail-1.41.0

pkgs.python313Packages.mypy-boto3-lightsail

Type annotations for boto3 lightsail

nixos-unstable boto3-lightsail-1.42.84
- nixpkgs-unstable boto3-lightsail-1.42.84
- nixos-unstable-small boto3-lightsail-1.42.84
nixos-25.11 boto3-lightsail-1.41.0
- nixos-25.11-small boto3-lightsail-1.41.0
- nixpkgs-25.11-darwin boto3-lightsail-1.41.0

pkgs.python314Packages.mypy-boto3-lightsail

Type annotations for boto3 lightsail

nixos-unstable boto3-lightsail-1.42.84
- nixpkgs-unstable boto3-lightsail-1.42.84
- nixos-unstable-small boto3-lightsail-1.42.84

pkgs.libsForQt5.sailfish-access-control-plugin

QML interface for sailfish-access-control

nixos-unstable 0.0.12
- nixpkgs-unstable 0.0.12
- nixos-unstable-small 0.0.12
nixos-25.11 0.0.12
- nixos-25.11-small 0.0.12
- nixpkgs-25.11-darwin 0.0.12

pkgs.kdePackages.sailfish-access-control-plugin

QML interface for sailfish-access-control

nixos-unstable 0.0.12
- nixpkgs-unstable 0.0.12
- nixos-unstable-small 0.0.12
nixos-25.11 0.0.12
- nixos-25.11-small 0.0.12
- nixpkgs-25.11-darwin 0.0.12

pkgs.qt6Packages.sailfish-access-control-plugin

QML interface for sailfish-access-control

nixos-unstable 0.0.12
- nixpkgs-unstable 0.0.12
- nixos-unstable-small 0.0.12
nixos-25.11 0.0.12
- nixos-25.11-small 0.0.12
- nixpkgs-25.11-darwin 0.0.12

pkgs.python312Packages.types-aiobotocore-lightsail

Type annotations for aiobotocore lightsail

nixos-25.11 2.25.2
- nixos-25.11-small 2.25.2
- nixpkgs-25.11-darwin 2.25.2

pkgs.python313Packages.types-aiobotocore-lightsail

Type annotations for aiobotocore lightsail

nixos-unstable 3.2.1
- nixpkgs-unstable 3.2.1
- nixos-unstable-small 3.2.1
nixos-25.11 2.25.2
- nixos-25.11-small 2.25.2
- nixpkgs-25.11-darwin 2.25.2

pkgs.plasma5Packages.sailfish-access-control-plugin

QML interface for sailfish-access-control

nixos-unstable 0.0.12
- nixpkgs-unstable 0.0.12
- nixos-unstable-small 0.0.12
nixos-25.11 0.0.12
- nixos-25.11-small 0.0.12
- nixpkgs-25.11-darwin 0.0.12

Package maintainers

@OPNA2608 Cosima Neidahl <opna2608@protonmail.com>
@lovesegfault Bernardo Meurer <meurerbernardo@gmail.com>
@Wulfsta Wulfsta <wulfstawulfsta@gmail.com>
@fabaff Fabian Affolter <mail@fabian-affolter.ch>
@davidlghellin David López <hola@devel0pez.com>
@kragniz Louis Taylor <louis@kragniz.eu>
@mbalatsko Maksym Balatsko <mbalatsko@gmail.com>