Nixpkgs security tracker

Login with GitHub
⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestions search

All statuses
Filter by:
With package: mainsail

Found 4 matching suggestions

View:
Compact
Detailed
Untriaged
Permalink CVE-2026-40492
9.8 CRITICAL
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 4 days, 19 hours ago Activity log
  • Created suggestion 4 days, 19 hours ago
SAIL has heap buffer overflow in XWD decoder — bits_per_pixel vs pixmap_depth type confusion in byte-swap

SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. Prior to commit 36aa5c7ec8a2bb35f6fb867a1177a6f141156b02, the XWD codec resolves pixel format based on `pixmap_depth` but the byte-swap code uses `bits_per_pixel` independently. When `pixmap_depth=8` (BPP8_INDEXED, 1 byte/pixel buffer) but `bits_per_pixel=32`, the byte-swap loop accesses memory as `uint32_t*`, reading/writing 4x the allocated buffer size. This is a different vulnerability from the previously reported GHSA-3g38-x2pj-mv55 (CVE-2026-27168), which addressed `bytes_per_line` validation. Commit 36aa5c7ec8a2bb35f6fb867a1177a6f141156b02 contains a patch.

Affected products

sail
  • ==< 36aa5c7ec8a2bb35f6fb867a1177a6f141156b02

Matching in nixpkgs

pkgs.sail

Spark-compatible compute engine built on Apache Arrow and DataFusion

pkgs.sailsd

Simulator daemon for autonomous sailing boats

pkgs.mainsail

Web interface for managing and controlling 3D printers with Klipper

pkgs.sail-riscv

Formal specification of the RISC-V architecture, written in Sail

  • nixos-unstable 0.8
    • nixpkgs-unstable 0.8
    • nixos-unstable-small 0.8
  • nixos-25.11 0.8
    • nixos-25.11-small 0.8
    • nixpkgs-25.11-darwin 0.8

pkgs.ocamlPackages.sail

Language for describing the instruction-set architecture (ISA) semantics of processors

Package maintainers

Untriaged
Permalink CVE-2026-40494
9.8 CRITICAL
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 4 days, 19 hours ago Activity log
  • Created suggestion 4 days, 19 hours ago
SAIL has heap buffer overflow in TGA RLE decoder — raw packet path missing bounds check

SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. Prior to commit 45d48d1f2e8e0d73e80bc1fd5310cb57f4547302, the TGA codec's RLE decoder in `tga.c` has an asymmetric bounds check vulnerability. The run-packet path (line 297) correctly clamps the repeat count to the remaining buffer space, but the raw-packet path (line 305-311) has no equivalent bounds check. This allows writing up to 496 bytes of attacker-controlled data past the end of a heap buffer. Commit 45d48d1f2e8e0d73e80bc1fd5310cb57f4547302 patches the issue.

Affected products

sail
  • ==< 45d48d1f2e8e0d73e80bc1fd5310cb57f4547302

Matching in nixpkgs

pkgs.sail

Spark-compatible compute engine built on Apache Arrow and DataFusion

pkgs.sailsd

Simulator daemon for autonomous sailing boats

pkgs.mainsail

Web interface for managing and controlling 3D printers with Klipper

pkgs.sail-riscv

Formal specification of the RISC-V architecture, written in Sail

  • nixos-unstable 0.8
    • nixpkgs-unstable 0.8
    • nixos-unstable-small 0.8
  • nixos-25.11 0.8
    • nixos-25.11-small 0.8
    • nixpkgs-25.11-darwin 0.8

pkgs.ocamlPackages.sail

Language for describing the instruction-set architecture (ISA) semantics of processors

Package maintainers

Untriaged
Permalink CVE-2026-40493
9.8 CRITICAL
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 4 days, 19 hours ago Activity log
  • Created suggestion 4 days, 19 hours ago
SAIL has heap buffer overflow in PSD decoder — bpp mismatch in LAB 16-bit mode

SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. Prior to commit c930284445ea3ff94451ccd7a57c999eca3bc979, the PSD codec computes bytes-per-pixel (`bpp`) from raw header fields `channels * depth`, but the pixel buffer is allocated based on the resolved pixel format. For LAB mode with `channels=3, depth=16`, `bpp = (3*16+7)/8 = 6`, but the format `BPP40_CIE_LAB` allocates only 5 bytes per pixel. Every pixel write overshoots, causing a deterministic heap buffer overflow on every row. Commit c930284445ea3ff94451ccd7a57c999eca3bc979 contains a patch.

Affected products

sail
  • ==< c930284445ea3ff94451ccd7a57c999eca3bc979

Matching in nixpkgs

pkgs.sail

Spark-compatible compute engine built on Apache Arrow and DataFusion

pkgs.sailsd

Simulator daemon for autonomous sailing boats

pkgs.mainsail

Web interface for managing and controlling 3D printers with Klipper

pkgs.sail-riscv

Formal specification of the RISC-V architecture, written in Sail

  • nixos-unstable 0.8
    • nixpkgs-unstable 0.8
    • nixos-unstable-small 0.8
  • nixos-25.11 0.8
    • nixos-25.11-small 0.8
    • nixpkgs-25.11-darwin 0.8

pkgs.ocamlPackages.sail

Language for describing the instruction-set architecture (ISA) semantics of processors

Package maintainers

Untriaged
Permalink CVE-2026-27168
8.8 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): ADJACENT_NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 2 months ago Activity log
  • Created suggestion 2 months ago
SAIL: Heap-based Buffer Overflow in Sail-codecs-xwd

SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. All versions are vulnerable to Heap-based Buffer Overflow through the XWD parser's use of the bytes_per_line value. The value os read directly from the file as the read size in io->strict_read(), and is never compared to the actual size of the destination buffer. An attacker can provide an XWD file with an arbitrarily large bytes_per_line, causing a massive write operation beyond the buffer heap allocated for the image pixels. The issue did not have a fix at the time of publication.

Affected products

sail
  • ==<= 0.9.10

Matching in nixpkgs

pkgs.sail

Spark-compatible compute engine built on Apache Arrow and DataFusion

  • nixos-unstable -
    • nixpkgs-unstable 0.5.0
    • nixos-unstable-small 0.5.0

pkgs.sailsd

Simulator daemon for autonomous sailing boats

pkgs.mainsail

Web interface for managing and controlling 3D printers with Klipper

pkgs.sail-riscv

Formal specification of the RISC-V architecture, written in Sail

  • nixos-unstable 0.8
    • nixpkgs-unstable 0.8
    • nixos-unstable-small 0.8
  • nixos-25.11 0.8
    • nixos-25.11-small 0.8
    • nixpkgs-25.11-darwin 0.8

pkgs.ocamlPackages.sail

Language for describing the instruction-set architecture (ISA) semantics of processors