Heap Out-of-Bounds Read in SDL_image Library Affecting Image Formats
CVE-2026-35444

7.1 HIGH

Key Information:

Vendor

Libsdl-org

Status
Vendor
CVE Published:
6 April 2026

What is CVE-2026-35444?

SDL_image, a library for loading many image formats, is vulnerable to a heap out-of-bounds read when decoding XCF files. In the 'do_layer_surface()' function, pixel index values taken from decoded XCF tile data are used directly as colormap indices without adequate validation against the colormap size. A crafted .xcf file that combines a small colormap with out-of-range pixel indices therefore causes reads past the allocated colormap, up to 762 bytes beyond its end. Beyond the risk of a memory access violation (a crash), the out-of-bounds bytes are copied into the output surface's pixel data, so heap contents can leak into the rendered image where they are observable. The issue is addressed in commit 996bf12888925932daace576e09c3053410896f8, which hardens the library against such inputs.
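The defect described above is a missing range check on an index that comes from untrusted file data. The following C example is added here to illustrate the safe pattern; it is not SDL_image's code and the names (Colormap, lookup_checked, expand_indexed_tile, max_overread_bytes) and the 3-byte RGB entry layout are assumptions made for the illustration. The constructed sample data uses a 2-entry colormap, which under that layout is the configuration in which index 255 lands exactly 762 bytes past the end of the colormap, the figure given in the advisory.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical colormap model: packed RGB triples plus an entry count.
 * Illustrative only; not SDL_image's own data structure. */
typedef struct {
    const uint8_t *entries;   /* packed R,G,B triples */
    size_t count;             /* number of valid entries */
} Colormap;

/* Safe lookup: reject any index outside the colormap before using it.
 * The vulnerable pattern would compute entries + idx * 3 unconditionally,
 * so an 8-bit index of 255 against a 2-entry colormap reads 762 bytes
 * past the end of the allocation. */
static const uint8_t *lookup_checked(const Colormap *cmap, uint8_t idx) {
    if (idx >= cmap->count) {
        return NULL;
    }
    return cmap->entries + (size_t)idx * 3;
}

/* Expand an indexed tile into RGB. Returns 0 on success, -1 if any pixel
 * index is out of range. On failure the output buffer is cleared rather
 * than filled with whatever happened to follow the colormap in memory. */
int expand_indexed_tile(const Colormap *cmap, const uint8_t *indices,
                        size_t npixels, uint8_t *rgb_out) {
    for (size_t i = 0; i < npixels; i++) {
        const uint8_t *px = lookup_checked(cmap, indices[i]);
        if (px == NULL) {
            memset(rgb_out, 0, npixels * 3);
            return -1;
        }
        memcpy(rgb_out + i * 3, px, 3);
    }
    return 0;
}

/* Count the pixel indices in a tile that fall outside the colormap;
 * useful as a validation pass before decoding or as a detection signal. */
size_t count_oob_indices(const Colormap *cmap, const uint8_t *indices,
                         size_t npixels) {
    size_t bad = 0;
    for (size_t i = 0; i < npixels; i++) {
        if (indices[i] >= cmap->count) {
            bad++;
        }
    }
    return bad;
}

/* How many bytes past the end of a colormap with `count` 3-byte entries
 * an unchecked lookup of `max_index` would reach (0 if in range). */
size_t max_overread_bytes(size_t count, uint8_t max_index) {
    size_t needed = ((size_t)max_index + 1) * 3;
    size_t have = count * 3;
    return needed > have ? needed - have : 0;
}

/* Constructed sample data: a 2-entry colormap (red, green). */
static const uint8_t sample_palette[] = { 255, 0, 0,   0, 255, 0 };
static const Colormap sample_cmap = { sample_palette, 2 };

/* Decode a well-formed 4-pixel tile; returns the expand result (0). */
int sample_good_tile_result(void) {
    const uint8_t good[] = { 0, 1, 1, 0 };
    uint8_t out[12];
    return expand_indexed_tile(&sample_cmap, good, 4, out);
}

/* Decode a tile containing index 255; returns the expand result (-1). */
int sample_bad_tile_result(void) {
    const uint8_t bad[] = { 0, 1, 255, 0 };
    uint8_t out[12];
    return expand_indexed_tile(&sample_cmap, bad, 4, out);
}

/* Number of out-of-range indices in the constructed bad tile (1). */
size_t sample_bad_tile_oob(void) {
    const uint8_t bad[] = { 0, 1, 255, 0 };
    return count_oob_indices(&sample_cmap, bad, 4);
}

int main(void) {
    printf("good tile: %d\n", sample_good_tile_result());
    printf("bad tile: %d (%zu out-of-range indices)\n",
           sample_bad_tile_result(), sample_bad_tile_oob());
    printf("unchecked index 255 against 2 entries over-reads %zu bytes\n",
           max_overread_bytes(2, 255));
    return 0;
}
```

The check belongs at the point where the file-supplied index is first used, and the decoder should fail the whole tile rather than substitute a default colour silently, so that a malformed file cannot turn heap contents into visible pixels.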

Affected Version(s)

SDL_image < 996bf12888925932daace576e09c3053410896f8

References

CVSS V3.1

Score:
7.1
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
