CVE-2025-52456

High CVSS: 8.8

A memory corruption vulnerability exists in the WebP Image Decoding functionality of the SAIL Image Decoding Library v0.9.8. When loading a specially crafted .webp animation an integer overflow can be made to occur when calculating the stride for decoding. Afterwards, this will cause a heap-based buffer to overflow when decoding the image which can lead to remote code execution. An attacker will need to convince the library to read a file to trigger this vulnerability.

Vendor

Sail

Product

Sail

CWE

CWE-680

Yayın Tarihi

2025-08-25 15:15:40

Güncelleme

2025-11-03 19:16:07

Source Identifier

talos-cna@cisco.com

KEV Date Added

Kategoriler

CWE-680 Sail HIGH Sail 2025

Referanslar

https://talosintelligence.com/vulnerability_reports/TALOS-2025-2224 https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2224

Benzer Kayıtlar

High

CVE-2026-27168

SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. A…

High

CVE-2025-53510

A memory corruption vulnerability exists in the PSD Image Decoding functionality of the SAIL Image Decoding Library v0.9…

High

CVE-2025-52930

A memory corruption vulnerability exists in the BMPv3 RLE Decoding functionality of the SAIL Image Decoding Library v0.9…

High

CVE-2025-53085

A memory corruption vulnerability exists in the PSD RLE Decoding functionality of the SAIL Image Decoding Library v0.9.8…

High

CVE-2025-35984

A memory corruption vulnerability exists in the PCX Image Decoding functionality of the SAIL Image Decoding Library v0.9…

High

CVE-2025-46407

A memory corruption vulnerability exists in the BMPv3 Palette Decoding functionality of the SAIL Image Decoding Library…