Memory Corruption Vulnerability in SAIL Image Decoding Library
CVE-2025-46407

8.8HIGH

Key Information:

Vendor: Sail Image Decoding Library
Status: Sail Image Decoding Library
Vendor: CVE Published:; 25 August 2025

🔔 Create Sail Image Decoding Library Vulnerability Alert

What is CVE-2025-46407?

A memory corruption issue has been identified in the BMPv3 Palette Decoding feature of the SAIL Image Decoding Library version 0.9.8. When handling specially crafted .bmp files, an integer overflow may occur. This overflow can lead to a heap-based buffer overflow while reading the image palette, which could potentially allow attackers to execute arbitrary code remotely. Exploitation of this vulnerability relies on the attacker persuading the library to process a malicious file.

Affected Version(s)

SAIL Image Decoding Library v0.9.8

References

https://talosintelligence.com/vulnerability_reports/TALOS...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 25, 2025
Vulnerability Reserved
Jul 10, 2025

Credit

Discovered by a member of Cisco Talos.