CVE-2025-52930

A memory corruption vulnerability exists in the BMPv3 RLE Decoding functionality of the SAIL Image Decoding Library v0.9.8. When decompressing the image data from a specially crafted .bmp file, a heap-based buffer overflow can occur which allows for remote code execution. An attacker will need to convince the library to read a file to trigger this vulnerability.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://talosintelligence.com/vulnerability_reports/TALOS-2025-2221	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:sail:sail:0.9.8:*:*:*:*:*:*:*

History

02 Sep 2025, 17:13

Type	Values Removed	Values Added
First Time		Sail Sail sail
CPE		cpe:2.3:a:sail:sail:0.9.8:::::::*
References	~~() https://talosintelligence.com/vulnerability_reports/TALOS-2025-2221 -~~	() https://talosintelligence.com/vulnerability_reports/TALOS-2025-2221 - Exploit, Third Party Advisory
Summary		(es) Existe una vulnerabilidad de corrupción de memoria en la función BMPv3 RLE Decoding de SAIL Image Decoding Library v0.9.8. Al descomprimir los datos de imagen de un archivo .bmp especialmente manipulado, puede producirse un desbordamiento de búfer en el montón, lo que permite la ejecución remota de código. Un atacante deberá convencer a la librería para que lea un archivo para activar esta vulnerabilidad.

25 Aug 2025, 20:24

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-08-25 15:15

Updated : 2025-09-02 17:13

NVD link : CVE-2025-52930

Mitre link : CVE-2025-52930

CVE.ORG link : CVE-2025-52930

JSON object : View

Products Affected

sail

sail

CWE

CWE-680

Integer Overflow to Buffer Overflow

8.8 /10