Cyber Resilience

CVE-2026-35444

High

Published: 06 April 2026
Modified: 16 April 2026
KEV Added: not listed
Patch: available (fix commit 996bf12888925932daace576e09c3053410896f8)
CVSS v3.1 score: 7.1 (High), vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L
EPSS score: 0.0001 (1.9th percentile)
Risk priority: 14 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2026-35444 is a high-severity Out-of-bounds Read (CWE-125) vulnerability in SDL_image (libsdl-org), the image-loading companion library for SDL. Its CVSS v3.1 base score is 7.1 (High).

Operationally, the page's automated mapping aligns exploitation with MITRE ATT&CK T1204.003 (User Execution: Malicious Image); since that sub-technique covers backdoored virtual-machine and container images rather than picture files, T1204.002 (Malicious File) is the closer fit for a crafted .xcf. Exploit likelihood is ranked at the 1.9th percentile (EPSS 0.0001, well below the median), and the CVE is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST SP 800-53 SI-10 (Information Input Validation), i.e. checking every pixel index against the colormap size before it is used, and SI-2 (Flaw Remediation), i.e. updating to a build that contains the fix commit.

Deeper analysis

CVE-2026-35444 is a heap out-of-bounds read in SDL_image, the library that loads images of various formats as SDL surfaces. The issue resides in the do_layer_surface() function in src/IMG_xcf.c, the loader for XCF (GIMP's native format): pixel index values from decoded XCF tile data are used directly as colormap indices without being validated against the colormap size (cm_num). A crafted .xcf file with a small colormap and out-of-range pixel indices therefore triggers reads of up to 762 bytes past the colormap allocation. Both IMAGE_INDEXED code paths are affected (bpp=1 and bpp=2), and the heap bytes read past the allocation are written into the output surface's pixel data, so they can become visible in the rendered image. The vulnerability is rated 7.1 on the CVSS v3.1 scale (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L) and maps to CWE-125 (Out-of-bounds Read).

An attacker exploits this vulnerability by delivering a malicious .xcf file to a victim; user interaction is required, such as opening or rendering the file in an application that uses SDL_image. No privileges are needed and the attack complexity is low over a network vector. Successful exploitation yields a high confidentiality impact, because heap bytes are leaked into the image pixels, and a low availability impact from potential crashes, with no integrity impact. Note that the leaked bytes only reach the attacker where they can observe the rendered output (for example a preview or thumbnail that is sent back to them); otherwise the disclosure stays inside the victim's process.

The GitHub Security Advisory at https://github.com/libsdl-org/SDL_image/security/advisories/GHSA-gq8w-x74c-h6p7 details the issue, and the vulnerability is fixed in commit 996bf12888925932daace576e09c3053410896f8. Security practitioners should update SDL_image to a build that includes this commit, including copies bundled inside applications and games rather than only the system package. Applications that parse untrusted XCF files should additionally validate inputs (rejecting indexed layers whose pixel indices exceed the colormap size) or build SDL_image without XCF support where the format is not needed.
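The following is an added example written for this page, not SDL_image's code: a reduced model of decoding one indexed XCF tile through a colormap, with the bounds check that the advisory describes as missing. Everything about the layout is an assumption for illustration (a colormap of cm_num three-byte R,G,B entries, 0xAARRGGBB output pixels, and the function and variable names); the sample colormap and tiles are constructed inline.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Assumed colormap layout: one R,G,B triple per entry (hypothetical model). */
#define CM_ENTRY_BYTES 3

/* How many bytes a read of colormap entry idx would extend past the end of a
 * cm_num-entry colormap under the 3-bytes-per-entry model; 0 when in range. */
long overread_bytes(int idx, int cm_num) {
    if (idx < cm_num) return 0;
    return (long)(idx + 1 - cm_num) * CM_ENTRY_BYTES;
}

/* Convert one tile of indexed pixels to 32-bit 0xAARRGGBB pixels.
 *   bpp == 1: one index byte per pixel, pixel is opaque.
 *   bpp == 2: index byte followed by an alpha byte.
 * Returns the number of pixels written, or -1 if the arguments are malformed
 * or any pixel index is >= cm_num (the check the vulnerable path lacked). */
int decode_indexed_tile(const uint8_t *tile, size_t tile_len, int bpp,
                        const uint8_t *cm_map, int cm_num,
                        uint32_t *out, size_t out_pixels) {
    if (bpp != 1 && bpp != 2) return -1;
    if (cm_num <= 0 || cm_num > 256) return -1;
    if (tile_len % (size_t)bpp != 0) return -1;
    size_t n = tile_len / (size_t)bpp;
    if (n > out_pixels) return -1;

    for (size_t i = 0; i < n; i++) {
        uint8_t idx   = tile[i * (size_t)bpp];
        uint8_t alpha = (bpp == 2) ? tile[i * (size_t)bpp + 1] : 0xFF;

        /* Bounds check against the colormap size. Without this line an index
         * in [cm_num, 255] addresses cm_map past its allocation and whatever
         * heap bytes sit there become the pixel's colour. */
        if (idx >= cm_num) return -1;

        const uint8_t *e = cm_map + (size_t)idx * CM_ENTRY_BYTES;
        out[i] = ((uint32_t)alpha << 24) | ((uint32_t)e[0] << 16) |
                 ((uint32_t)e[1] << 8) | (uint32_t)e[2];
    }
    return (int)n;
}

/* Constructed sample data: a 2-entry colormap (red, green), a benign bpp=1
 * tile using indices 0 and 1, and a crafted bpp=2 tile carrying index 255. */
static const uint8_t sample_cmap[2 * CM_ENTRY_BYTES] = {
    0xFF, 0x00, 0x00,   /* entry 0: red   */
    0x00, 0xFF, 0x00    /* entry 1: green */
};
static const uint8_t tile_ok[]  = { 0x00, 0x01, 0x01, 0x00 };  /* bpp = 1 */
static const uint8_t tile_bad[] = { 0x00, 0x80, 0xFF, 0x80 };  /* bpp = 2 */

/* Decodes the benign tile; returns its pixel count (4). */
int demo_ok(void) {
    uint32_t px[4];
    return decode_indexed_tile(tile_ok, sizeof tile_ok, 1, sample_cmap, 2, px, 4);
}

/* Pixel i of the decoded benign tile, or 0 if decoding fails or i is out of range. */
uint32_t decoded_pixel(size_t i) {
    uint32_t px[4] = { 0, 0, 0, 0 };
    if (i >= 4) return 0;
    if (decode_indexed_tile(tile_ok, sizeof tile_ok, 1, sample_cmap, 2, px, 4) < 0) return 0;
    return px[i];
}

/* Decodes the crafted tile; the out-of-range index makes this return -1. */
int demo_bad(void) {
    uint32_t px[2];
    return decode_indexed_tile(tile_bad, sizeof tile_bad, 2, sample_cmap, 2, px, 2);
}

int main(void) {
    printf("benign tile: %d pixels, first pixel 0x%08X\n", demo_ok(), decoded_pixel(0));
    printf("crafted tile: %d (rejected)\n", demo_bad());
    printf("index 255 against a 2-entry colormap would read %ld bytes past the end\n",
           overread_bytes(255, 2));
    return 0;
}
```

Under this model an index of 255 against a two-entry colormap lands 762 bytes past the allocation, the same upper bound the advisory quotes; whether the library's actual layout is exactly this is not something the page states, so treat the arithmetic as illustrative. The point the example makes is that the check costs one comparison per pixel and belongs before the colormap lookup, not after the pixel has been written.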


Vulnerability details

SDL_image is a library to load images of various formats as SDL surfaces. In do_layer_surface() in src/IMG_xcf.c, pixel index values from decoded XCF tile data are used directly as colormap indices without validating them against the colormap size (cm_num). A crafted .xcf file with a small colormap and out-of-range pixel indices causes heap out-of-bounds reads of up to 762 bytes past the colormap allocation. Both IMAGE_INDEXED code paths are affected (bpp=1 and bpp=2). The leaked heap bytes are written into the output surface pixel data, making them potentially observable in the rendered image. This vulnerability is fixed with commit 996bf12888925932daace576e09c3053410896f8.

CWE(s)

CWE-125 Out-of-bounds Read

Related Threats

MITRE ATT&CK Enterprise Techniques (AI-generated mapping)

T1204.003 User Execution: Malicious Image
Adversaries may rely on a user running a malicious image to facilitate execution.
Why these techniques?

The vulnerability is triggered by a user opening or rendering a crafted XCF file in an application that uses SDL_image, so it sits under User Execution (T1204) and leads to information disclosure rather than code execution. One caveat on the automated choice of sub-technique: in ATT&CK, T1204.003 (Malicious Image) describes backdoored virtual-machine and container images such as cloud machine images or Docker images, not picture files. A crafted .xcf delivered to a user is more precisely T1204.002 (Malicious File).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-55100 (shared CWE-125)
CVE-2026-41604 (shared CWE-125)
CVE-2026-2664 (shared CWE-125)
CVE-2025-20916 (shared CWE-125)
CVE-2026-31558 (shared CWE-125)
CVE-2026-30997 (shared CWE-125)
CVE-2026-31613 (shared CWE-125)
CVE-2026-20611 (shared CWE-125)
CVE-2026-23388 (shared CWE-125)
CVE-2026-33905 (shared CWE-125)

Affected Assets

libsdl SDL_image: versions ≤ 2026-04-02

Mitigating Controls (NIST 800-53 r5, AI-generated mapping)

prevent (SI-2 Flaw Remediation): Updating SDL_image, including copies bundled inside applications, to a build that contains commit 996bf12888925932daace576e09c3053410896f8 removes the heap out-of-bounds read and so prevents exploitation via crafted XCF files.

prevent (SI-10 Information Input Validation): Validating every pixel index from XCF tile data against the colormap size (cm_num) before it is used as a colormap index, on both the bpp=1 and bpp=2 IMAGE_INDEXED paths, is what the fix does; an application that accepts untrusted XCF files can apply the same check, or reject the format, before handing data to an unpatched library.

detect: Vulnerability scanning, including software-composition scans that match the CVE against the SDL_image version bundled with an application, identifies unpatched deployments so they can be remediated. Exploitation itself leaves only a crash or unexpected pixel data as a symptom, so scanning for the unpatched library is the practical detection.
