CVE-2025-46407

A memory corruption vulnerability exists in the BMPv3 Palette Decoding functionality of the SAIL Image Decoding Library v0.9.8. When loading a specially crafted .bmp file, an integer overflow can be made to occur which will cause a heap-based buffer to overflow when reading the palette from the image. These conditions can allow for remote code execution. An attacker will need to convince the library to read a file to trigger this vulnerability.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://talosintelligence.com/vulnerability_reports/TALOS-2025-2215	Exploit Third Party Advisory
https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2215

Configurations

Configuration 1 (hide)

cpe:2.3:a:sail:sail:0.9.8:*:*:*:*:*:*:*

History

No history.

Information

Published : 2025-08-25 15:15

Updated : 2025-11-03 19:16

NVD link : CVE-2025-46407

Mitre link : CVE-2025-46407

CVE.ORG link : CVE-2025-46407

JSON object : View

Products Affected

sail

sail

CWE

CWE-680

Integer Overflow to Buffer Overflow

{"id": "CVE-2025-46407", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "talos-cna@cisco.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2025-08-25T15:15:39.587", "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2215", "tags": ["Exploit", "Third Party Advisory"], "source": "talos-cna@cisco.com"}, {"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2215", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "talos-cna@cisco.com", "description": [{"lang": "en", "value": "CWE-680"}]}], "descriptions": [{"lang": "en", "value": "A memory corruption vulnerability exists in the BMPv3 Palette Decoding functionality of the SAIL Image Decoding Library v0.9.8. When loading a specially crafted .bmp file, an integer overflow can be made to occur which will cause a heap-based buffer to overflow when reading the palette from the image. These conditions can allow for remote code execution. An attacker will need to convince the library to read a file to trigger this vulnerability."}, {"lang": "es", "value": "Existe una vulnerabilidad de corrupci\u00f3n de memoria en la funcionalidad de BMPv3 Palette Decoding de SAIL Image Decoding Library v0.9.8. Al cargar un archivo .bmp especialmente manipulado, se puede producir un desbordamiento de enteros que provoca el desbordamiento del b\u00fafer del mont\u00f3n al leer la paleta de la imagen. Estas condiciones pueden permitir la ejecuci\u00f3n remota de c\u00f3digo. Un atacante deber\u00e1 convencer a la librer\u00eda para que lea un archivo para activar esta vulnerabilidad."}], "lastModified": "2025-11-03T19:16:05.967", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sail:sail:0.9.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BDFCF91A-2A3D-45C6-A8C3-DD90A646BDAA"}], "operator": "OR"}]}], "sourceIdentifier": "talos-cna@cisco.com"}