CVE-2026-35444HIGHCVSS 7.1fixed in 996bf12888925932daace576e09c3053410896f82026-04-06
CVE-2026-35444 [HIGH] CWE-125 CVE-2026-35444: SDL_image is a library to load images of various formats as SDL surfaces. In do_layer_surface() in s
SDL_image is a library to load images of various formats as SDL surfaces. In do_layer_surface() in src/IMG_xcf.c, pixel index values from decoded XCF tile data are used directly as colormap indices without validating them against the colormap size (cm_num). A crafted .xcf file with a small colormap and out-of-range pixel indices causes heap out-of-bou
nvd