Memory Corruption Vulnerability in WebP Image Decoding of SAIL Image Decoding Library
CVE-2025-52456

8.8 HIGH

What is CVE-2025-52456?

A memory corruption vulnerability exists in the WebP Image Decoding functionality of the SAIL Image Decoding Library v0.9.8. A specially crafted .webp animation can trigger an integer overflow during stride calculation, which leads to a heap-based buffer overflow when the image is decoded. To exploit the vulnerability, an attacker must induce the library to process a malicious file; successful exploitation can potentially result in remote code execution.
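The failure class described above, as an added example (not code from SAIL or from the advisory): a 32-bit stride multiplication that wraps, beside a layout computation that rejects such dimensions before allocating. The function names, the 256 MiB cap and the sample dimensions are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed policy cap on one decoded frame (256 MiB); not a SAIL constant. */
#define MAX_FRAME_BYTES ((uint64_t)256 * 1024 * 1024)

/* Unchecked pattern: the 32-bit product wraps modulo 2^32. */
static uint32_t stride_unchecked(uint32_t width, uint32_t bytes_per_pixel)
{
    return width * bytes_per_pixel;
}

/* Checked layout: 0 on success with *stride and *total set, -1 on rejection. */
static int frame_layout_checked(uint32_t width, uint32_t height,
                                uint32_t bytes_per_pixel,
                                size_t *stride, size_t *total)
{
    if (width == 0 || height == 0 || bytes_per_pixel == 0)
        return -1;
    /* Two 32-bit factors cannot overflow a 64-bit product. */
    uint64_t s = (uint64_t)width * bytes_per_pixel;
    /* Dividing the cap avoids overflowing s * height. */
    if (s > MAX_FRAME_BYTES / height)
        return -1;
    *stride = (size_t)s;
    *total = (size_t)(s * height);
    return 0;
}

/* Allocate a frame only when the layout passes; NULL otherwise. */
static uint8_t *frame_alloc(uint32_t width, uint32_t height,
                            uint32_t bytes_per_pixel, size_t *stride)
{
    size_t total;
    if (frame_layout_checked(width, height, bytes_per_pixel, stride, &total) != 0)
        return NULL;
    return calloc(1, total);
}

int main(void)
{
    size_t stride = 0;
    /* Constructed dimensions: 0x40000001 * 4 = 0x100000004, wraps to 4. */
    printf("wrapped stride: %u\n", (unsigned)stride_unchecked(0x40000001u, 4));
    uint8_t *bad = frame_alloc(0x40000001u, 16, 4, &stride);
    uint8_t *ok = frame_alloc(640, 480, 4, &stride);
    printf("oversized: %s, 640x480: stride %zu\n", bad ? "allocated" : "rejected", stride);
    free(bad);
    free(ok);
    return 0;
}
```

A buffer sized from the wrapped stride is far smaller than the row data a decoder later writes into it, which is why the check belongs before the allocation.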

Affected Version(s)

SAIL Image Decoding Library v0.9.8

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Discovered by a member of Cisco Talos.