CVE-2025-46407

High CVSS: 8.8

A memory corruption vulnerability exists in the BMPv3 Palette Decoding functionality of the SAIL Image Decoding Library v0.9.8. When loading a specially crafted .bmp file, an integer overflow can be made to occur which will cause a heap-based buffer to overflow when reading the palette from the image. These conditions can allow for remote code execution. An attacker will need to convince the library to read a file to trigger this vulnerability.

Vendor

Sail

Product

Sail

CWE

CWE-680

Yayın Tarihi

2025-08-25 15:15:39

Güncelleme

2025-11-03 19:16:05

Source Identifier

talos-cna@cisco.com

KEV Date Added

Kategoriler

CWE-680 Sail HIGH Sail 2025

Referanslar

https://talosintelligence.com/vulnerability_reports/TALOS-2025-2215 https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2215

Benzer Kayıtlar

High

CVE-2026-27168

SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. A…

High

CVE-2025-53510

A memory corruption vulnerability exists in the PSD Image Decoding functionality of the SAIL Image Decoding Library v0.9…

High

CVE-2025-52456

A memory corruption vulnerability exists in the WebP Image Decoding functionality of the SAIL Image Decoding Library v0.…

High

CVE-2025-52930

A memory corruption vulnerability exists in the BMPv3 RLE Decoding functionality of the SAIL Image Decoding Library v0.9…

High

CVE-2025-53085

A memory corruption vulnerability exists in the PSD RLE Decoding functionality of the SAIL Image Decoding Library v0.9.8…

High

CVE-2025-35984

A memory corruption vulnerability exists in the PCX Image Decoding functionality of the SAIL Image Decoding Library v0.9…