SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. Prior to commit 45d48d1f2e8e0d73e80bc1fd5…

The SAIL cross-platform image library contains a buffer overflow vulnerability in its TGA codec's RLE decoder. The vulnerability exists in the raw-packet path which lacks proper bounds checking, allowing attackers to write up to 496 bytes of controlled data past the end of a heap buffer. This asymmetric bounds check issue affects the TGA image format processing functionality. The vulnerability has been patched in commit 45d48d1f2e8e0d73e80bc1fd5310cb57f4547302. The issue could potentially allow heap corruption through malicious TGA image files.