A memory corruption vulnerability exists in the PSD RLE Decoding functionality of the SAIL Image Decoding Library v0.9.8. When decompressing the image data from a specially crafted .psd file, a heap-based buffer overflow can occur which allows for remote code execution. An attacker will need to convince the library to read a file to trigger this vulnerability.
Metrics
Affected Vendors & Products
References
History
Tue, 02 Sep 2025 17:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Sail
Sail sail |
|
CPEs | cpe:2.3:a:sail:sail:0.9.8:*:*:*:*:*:*:* | |
Vendors & Products |
Sail
Sail sail |
Mon, 25 Aug 2025 22:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Sail Software
Sail Software sail Image Decoding Library |
|
Vendors & Products |
Sail Software
Sail Software sail Image Decoding Library |
Mon, 25 Aug 2025 21:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Mon, 25 Aug 2025 14:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A memory corruption vulnerability exists in the PSD RLE Decoding functionality of the SAIL Image Decoding Library v0.9.8. When decompressing the image data from a specially crafted .psd file, a heap-based buffer overflow can occur which allows for remote code execution. An attacker will need to convince the library to read a file to trigger this vulnerability. | |
Weaknesses | CWE-122 | |
References |
| |
Metrics |
cvssV3_1
|

Status: PUBLISHED
Assigner: talos
Published:
Updated: 2025-08-25T18:21:16.423Z
Reserved: 2025-07-10T15:29:54.702Z
Link: CVE-2025-53085

Updated: 2025-08-25T18:21:09.722Z

Status : Analyzed
Published: 2025-08-25T15:15:40.823
Modified: 2025-09-02T17:13:32.627
Link: CVE-2025-53085

No data.

Updated: 2025-08-25T22:08:11Z