CVE-2026-40494 SAIL has heap buffer overflow in TGA RLE decoder — raw packet path missing bounds check

SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. Prior to commit 45d48d1f2e8e0d73e80bc1fd5310cb57f4547302, the TGA codec's RLE decoder in tga.c has an asymmetric bounds check vulnerability. The run-packet path line 297 correctl...

CVE-2026-40494

SAIL's TGA codec contains a heap-based overflow in the RLE decoder’s raw-packet path (tga.c) prior to commit 45d48d1f2e8e0d73e80bc1fd5310cb57f4547302. The run-packet path correctly bounds the repeat count, but the raw-packet path lacks an equivalent bounds check, enabling attacker-controlled data...

SAIL 安全漏洞

SAIL is an open-source image decoding library developed by SAIL. SAIL has a security vulnerability, which stems from the RLE decoder in the TGA encoder/decoder’s asymmetric boundary checks. This vulnerability may lead to a stack buffer overflow...

EUVD-2015-7149

Malware in sbrugna...

EUVD-2024-1108

Malicious code in bioql PyPI...

CVE-2024-32036

ImageSharp is a 2D graphics API. A data leakage flaw was found in ImageSharp's JPEG and TGA decoders. This vulnerability is triggered when an attacker passes a specially crafted JPEG or TGA image file to a software using ImageSharp, potentially disclosing sensitive information from other parts of...

Sensitive Information in Resource Not Removed Before Reuse

Overview Affected versions of this package are vulnerable to Sensitive Information in Resource Not Removed Before Reuse due to a flaw in the JPEG and TGA decoders, when a specially crafted image file is passed to a software using ImageSharp. An attacker can potentially disclose sensitive...

Mozilla Firefox Denial of Service Vulnerability (CNVD-2015-08325)

Mozilla Firefox is an open source web browser developed by the Mozilla Foundation in the United States. A security vulnerability exists in the gdk-pixbuf configuration of Mozilla Firefox versions prior to 43.0 on the Linux GNOME platform, which stems from the program failing to properly enable th...

Heap overflow

The gdk-pixbuf configuration in Mozilla Firefox before 43.0 on Linux GNOME platforms incorrectly enables the TGA decoder, which allows remote attackers to cause a denial of service heap-based buffer overflow via a crafted Truevision TGA image...

UBUNTU-CVE-2015-7217

The gdk-pixbuf configuration in Mozilla Firefox before 43.0 on Linux GNOME platforms incorrectly enables the TGA decoder, which allows remote attackers to cause a denial of service heap-based buffer overflow via a crafted Truevision TGA image...