A memory corruption vulnerability exists in the BMPv3 Palette Decoding functionality of the SAIL Image Decoding Library v0.9.8. When loading a specially crafted .bmp file, an integer overflow can be made to occur which will cause a heap-based buffer to overflow when reading the palette from the image. These conditions can allow for remote code execution. An attacker will need to convince the library to read a file to trigger this vulnerability.
Metrics
Affected Vendors & Products
References
History
Tue, 02 Sep 2025 17:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Sail
Sail sail |
|
CPEs | cpe:2.3:a:sail:sail:0.9.8:*:*:*:*:*:*:* | |
Vendors & Products |
Sail
Sail sail |
Mon, 25 Aug 2025 22:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Sail Software
Sail Software sail Image Decoding Library |
|
Vendors & Products |
Sail Software
Sail Software sail Image Decoding Library |
Mon, 25 Aug 2025 21:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Mon, 25 Aug 2025 14:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A memory corruption vulnerability exists in the BMPv3 Palette Decoding functionality of the SAIL Image Decoding Library v0.9.8. When loading a specially crafted .bmp file, an integer overflow can be made to occur which will cause a heap-based buffer to overflow when reading the palette from the image. These conditions can allow for remote code execution. An attacker will need to convince the library to read a file to trigger this vulnerability. | |
Weaknesses | CWE-680 | |
References |
| |
Metrics |
cvssV3_1
|

Status: PUBLISHED
Assigner: talos
Published:
Updated: 2025-08-25T16:06:28.400Z
Reserved: 2025-07-10T14:30:20.051Z
Link: CVE-2025-46407

Updated: 2025-08-25T16:06:19.731Z

Status : Analyzed
Published: 2025-08-25T15:15:39.587
Modified: 2025-09-02T17:13:52.913
Link: CVE-2025-46407

No data.

Updated: 2025-08-25T22:08:09Z