Search criteria
ⓘ
Use full-text search for keyword queries.
Combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by dates instead of relevance.
16 vulnerabilities found for SAIL Image Decoding Library by SAIL Image Decoding Library
CVE-2025-53510 (GCVE-0-2025-53510)
Vulnerability from nvd – Published: 2025-08-25 14:17 – Updated: 2025-11-03 18:13
VLAI?
Summary
A memory corruption vulnerability exists in the PSD Image Decoding functionality of the SAIL Image Decoding Library v0.9.8. When loading a specially crafted .psd file, an integer overflow can be made to occur when calculating the stride for decoding. Afterwards, this will cause a heap-based buffer to overflow when decoding the image which can lead to remote code execution. An attacker will need to convince the library to read a file to trigger this vulnerability.
Severity ?
8.8 (High)
CWE
- CWE-680 - Integer Overflow to Buffer Overflow
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SAIL Image Decoding Library | SAIL Image Decoding Library |
Affected:
v0.9.8
|
Credits
Discovered by a member of Cisco Talos.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-53510",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-25T18:16:41.693319Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-25T18:16:53.780Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T18:13:13.086Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2218"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAIL Image Decoding Library",
"vendor": "SAIL Image Decoding Library",
"versions": [
{
"status": "affected",
"version": "v0.9.8"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Discovered by a member of Cisco Talos."
}
],
"descriptions": [
{
"lang": "en",
"value": "A memory corruption vulnerability exists in the PSD Image Decoding functionality of the SAIL Image Decoding Library v0.9.8. When loading a specially crafted .psd file, an integer overflow can be made to occur when calculating the stride for decoding. Afterwards, this will cause a heap-based buffer to overflow when decoding the image which can lead to remote code execution. An attacker will need to convince the library to read a file to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-680",
"description": "CWE-680: Integer Overflow to Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-25T14:17:41.763Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2218",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2218"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2025-53510",
"datePublished": "2025-08-25T14:17:41.763Z",
"dateReserved": "2025-07-10T15:22:59.572Z",
"dateUpdated": "2025-11-03T18:13:13.086Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-53085 (GCVE-0-2025-53085)
Vulnerability from nvd – Published: 2025-08-25 14:17 – Updated: 2025-11-03 18:13
VLAI?
Summary
A memory corruption vulnerability exists in the PSD RLE Decoding functionality of the SAIL Image Decoding Library v0.9.8. When decompressing the image data from a specially crafted .psd file, a heap-based buffer overflow can occur which allows for remote code execution. An attacker will need to convince the library to read a file to trigger this vulnerability.
Severity ?
8.8 (High)
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SAIL Image Decoding Library | SAIL Image Decoding Library |
Affected:
v0.9.8
|
Credits
Discovered by a member of Cisco Talos.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-53085",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-25T18:21:07.099355Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-25T18:21:16.423Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T18:13:11.165Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2219"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAIL Image Decoding Library",
"vendor": "SAIL Image Decoding Library",
"versions": [
{
"status": "affected",
"version": "v0.9.8"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Discovered by a member of Cisco Talos."
}
],
"descriptions": [
{
"lang": "en",
"value": "A memory corruption vulnerability exists in the PSD RLE Decoding functionality of the SAIL Image Decoding Library v0.9.8. When decompressing the image data from a specially crafted .psd file, a heap-based buffer overflow can occur which allows for remote code execution. An attacker will need to convince the library to read a file to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-25T14:17:40.119Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2219",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2219"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2025-53085",
"datePublished": "2025-08-25T14:17:40.119Z",
"dateReserved": "2025-07-10T15:29:54.702Z",
"dateUpdated": "2025-11-03T18:13:11.165Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-52930 (GCVE-0-2025-52930)
Vulnerability from nvd – Published: 2025-08-25 14:17 – Updated: 2025-11-03 18:13
VLAI?
Summary
A memory corruption vulnerability exists in the BMPv3 RLE Decoding functionality of the SAIL Image Decoding Library v0.9.8. When decompressing the image data from a specially crafted .bmp file, a heap-based buffer overflow can occur which allows for remote code execution. An attacker will need to convince the library to read a file to trigger this vulnerability.
Severity ?
8.8 (High)
CWE
- CWE-680 - Integer Overflow to Buffer Overflow
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SAIL Image Decoding Library | SAIL Image Decoding Library |
Affected:
v0.9.8
|
Credits
Discovered by a member of Cisco Talos.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-52930",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-25T19:02:46.740278Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-25T19:02:52.875Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T18:13:08.348Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2221"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAIL Image Decoding Library",
"vendor": "SAIL Image Decoding Library",
"versions": [
{
"status": "affected",
"version": "v0.9.8"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Discovered by a member of Cisco Talos."
}
],
"descriptions": [
{
"lang": "en",
"value": "A memory corruption vulnerability exists in the BMPv3 RLE Decoding functionality of the SAIL Image Decoding Library v0.9.8. When decompressing the image data from a specially crafted .bmp file, a heap-based buffer overflow can occur which allows for remote code execution. An attacker will need to convince the library to read a file to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-680",
"description": "CWE-680: Integer Overflow to Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-25T14:17:36.760Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2221",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2221"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2025-52930",
"datePublished": "2025-08-25T14:17:36.760Z",
"dateReserved": "2025-07-10T15:38:10.397Z",
"dateUpdated": "2025-11-03T18:13:08.348Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-52456 (GCVE-0-2025-52456)
Vulnerability from nvd – Published: 2025-08-25 14:17 – Updated: 2025-11-03 18:13
VLAI?
Summary
A memory corruption vulnerability exists in the WebP Image Decoding functionality of the SAIL Image Decoding Library v0.9.8. When loading a specially crafted .webp animation an integer overflow can be made to occur when calculating the stride for decoding. Afterwards, this will cause a heap-based buffer to overflow when decoding the image which can lead to remote code execution. An attacker will need to convince the library to read a file to trigger this vulnerability.
Severity ?
8.8 (High)
CWE
- CWE-680 - Integer Overflow to Buffer Overflow
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SAIL Image Decoding Library | SAIL Image Decoding Library |
Affected:
v0.9.8
|
Credits
Discovered by a member of Cisco Talos.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-52456",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-25T19:03:02.553973Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-25T19:03:08.616Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T18:13:04.538Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2224"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAIL Image Decoding Library",
"vendor": "SAIL Image Decoding Library",
"versions": [
{
"status": "affected",
"version": "v0.9.8"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Discovered by a member of Cisco Talos."
}
],
"descriptions": [
{
"lang": "en",
"value": "A memory corruption vulnerability exists in the WebP Image Decoding functionality of the SAIL Image Decoding Library v0.9.8. When loading a specially crafted .webp animation an integer overflow can be made to occur when calculating the stride for decoding. Afterwards, this will cause a heap-based buffer to overflow when decoding the image which can lead to remote code execution. An attacker will need to convince the library to read a file to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-680",
"description": "CWE-680: Integer Overflow to Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-25T14:17:35.230Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2224",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2224"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2025-52456",
"datePublished": "2025-08-25T14:17:35.230Z",
"dateReserved": "2025-07-17T07:10:35.028Z",
"dateUpdated": "2025-11-03T18:13:04.538Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-50129 (GCVE-0-2025-50129)
Vulnerability from nvd – Published: 2025-08-25 14:17 – Updated: 2025-11-03 18:13
VLAI?
Summary
A memory corruption vulnerability exists in the PCX Image Decoding functionality of the SAIL Image Decoding Library v0.9.8. When decoding the image data from a specially crafted .tga file, a heap-based buffer overflow can occur which allows for remote code execution. An attacker will need to convince the library to read a file to trigger this vulnerability.
Severity ?
8.8 (High)
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SAIL Image Decoding Library | SAIL Image Decoding Library |
Affected:
v0.9.8
|
Credits
Discovered by a member of Cisco Talos.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-50129",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-25T19:02:10.470962Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-25T19:02:18.389Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T18:13:02.487Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2220"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAIL Image Decoding Library",
"vendor": "SAIL Image Decoding Library",
"versions": [
{
"status": "affected",
"version": "v0.9.8"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Discovered by a member of Cisco Talos."
}
],
"descriptions": [
{
"lang": "en",
"value": "A memory corruption vulnerability exists in the PCX Image Decoding functionality of the SAIL Image Decoding Library v0.9.8. When decoding the image data from a specially crafted .tga file, a heap-based buffer overflow can occur which allows for remote code execution. An attacker will need to convince the library to read a file to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-25T14:17:38.509Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2220",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2220"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2025-50129",
"datePublished": "2025-08-25T14:17:38.509Z",
"dateReserved": "2025-07-10T15:33:13.329Z",
"dateUpdated": "2025-11-03T18:13:02.487Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-46407 (GCVE-0-2025-46407)
Vulnerability from nvd – Published: 2025-08-25 14:17 – Updated: 2025-11-03 18:12
VLAI?
Summary
A memory corruption vulnerability exists in the BMPv3 Palette Decoding functionality of the SAIL Image Decoding Library v0.9.8. When loading a specially crafted .bmp file, an integer overflow can be made to occur which will cause a heap-based buffer to overflow when reading the palette from the image. These conditions can allow for remote code execution. An attacker will need to convince the library to read a file to trigger this vulnerability.
Severity ?
8.8 (High)
CWE
- CWE-680 - Integer Overflow to Buffer Overflow
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SAIL Image Decoding Library | SAIL Image Decoding Library |
Affected:
v0.9.8
|
Credits
Discovered by a member of Cisco Talos.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-46407",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-25T16:06:16.724624Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-25T16:06:28.400Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T18:12:54.615Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2215"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAIL Image Decoding Library",
"vendor": "SAIL Image Decoding Library",
"versions": [
{
"status": "affected",
"version": "v0.9.8"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Discovered by a member of Cisco Talos."
}
],
"descriptions": [
{
"lang": "en",
"value": "A memory corruption vulnerability exists in the BMPv3 Palette Decoding functionality of the SAIL Image Decoding Library v0.9.8. When loading a specially crafted .bmp file, an integer overflow can be made to occur which will cause a heap-based buffer to overflow when reading the palette from the image. These conditions can allow for remote code execution. An attacker will need to convince the library to read a file to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-680",
"description": "CWE-680: Integer Overflow to Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-25T14:17:47.494Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2215",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2215"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2025-46407",
"datePublished": "2025-08-25T14:17:47.494Z",
"dateReserved": "2025-07-10T14:30:20.051Z",
"dateUpdated": "2025-11-03T18:12:54.615Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-35984 (GCVE-0-2025-35984)
Vulnerability from nvd – Published: 2025-08-25 14:17 – Updated: 2025-11-03 18:09
VLAI?
Summary
A memory corruption vulnerability exists in the PCX Image Decoding functionality of the SAIL Image Decoding Library v0.9.8. When decoding the image data from a specially crafted .pcx file, a heap-based buffer overflow can occur which allows for remote code execution. An attacker will need to convince the library to read a file to trigger this vulnerability.
Severity ?
8.8 (High)
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SAIL Image Decoding Library | SAIL Image Decoding Library |
Affected:
v0.9.8
|
Credits
Discovered by a member of Cisco Talos.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-35984",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-25T20:30:38.496080Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-25T20:30:46.022Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T18:09:24.987Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2217"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAIL Image Decoding Library",
"vendor": "SAIL Image Decoding Library",
"versions": [
{
"status": "affected",
"version": "v0.9.8"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Discovered by a member of Cisco Talos."
}
],
"descriptions": [
{
"lang": "en",
"value": "A memory corruption vulnerability exists in the PCX Image Decoding functionality of the SAIL Image Decoding Library v0.9.8. When decoding the image data from a specially crafted .pcx file, a heap-based buffer overflow can occur which allows for remote code execution. An attacker will need to convince the library to read a file to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-25T14:17:43.878Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2217",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2217"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2025-35984",
"datePublished": "2025-08-25T14:17:43.878Z",
"dateReserved": "2025-07-10T15:18:23.338Z",
"dateUpdated": "2025-11-03T18:09:24.987Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-32468 (GCVE-0-2025-32468)
Vulnerability from nvd – Published: 2025-08-25 14:17 – Updated: 2025-11-03 18:09
VLAI?
Summary
A memory corruption vulnerability exists in the BMPv3 Image Decoding functionality of the SAIL Image Decoding Library v0.9.8. When loading a specially crafted .bmp file, an integer overflow can be made to occur when calculating the stride for decoding. Afterwards, this will cause a heap-based buffer to overflow when decoding the image which can lead to remote code execution. An attacker will need to convince the library to read a file to trigger this vulnerability.
Severity ?
8.8 (High)
CWE
- CWE-680 - Integer Overflow to Buffer Overflow
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SAIL Image Decoding Library | SAIL Image Decoding Library |
Affected:
v0.9.8
|
Credits
Discovered by a member of Cisco Talos.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-32468",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-25T20:31:02.473933Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-25T20:31:10.261Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T18:09:24.033Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2216"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAIL Image Decoding Library",
"vendor": "SAIL Image Decoding Library",
"versions": [
{
"status": "affected",
"version": "v0.9.8"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Discovered by a member of Cisco Talos."
}
],
"descriptions": [
{
"lang": "en",
"value": "A memory corruption vulnerability exists in the BMPv3 Image Decoding functionality of the SAIL Image Decoding Library v0.9.8. When loading a specially crafted .bmp file, an integer overflow can be made to occur when calculating the stride for decoding. Afterwards, this will cause a heap-based buffer to overflow when decoding the image which can lead to remote code execution. An attacker will need to convince the library to read a file to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-680",
"description": "CWE-680: Integer Overflow to Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-25T14:17:45.750Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2216",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2216"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2025-32468",
"datePublished": "2025-08-25T14:17:45.750Z",
"dateReserved": "2025-07-10T14:38:23.105Z",
"dateUpdated": "2025-11-03T18:09:24.033Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-46407 (GCVE-0-2025-46407)
Vulnerability from cvelistv5 – Published: 2025-08-25 14:17 – Updated: 2025-11-03 18:12
VLAI?
Summary
A memory corruption vulnerability exists in the BMPv3 Palette Decoding functionality of the SAIL Image Decoding Library v0.9.8. When loading a specially crafted .bmp file, an integer overflow can be made to occur which will cause a heap-based buffer to overflow when reading the palette from the image. These conditions can allow for remote code execution. An attacker will need to convince the library to read a file to trigger this vulnerability.
Severity ?
8.8 (High)
CWE
- CWE-680 - Integer Overflow to Buffer Overflow
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SAIL Image Decoding Library | SAIL Image Decoding Library |
Affected:
v0.9.8
|
Credits
Discovered by a member of Cisco Talos.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-46407",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-25T16:06:16.724624Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-25T16:06:28.400Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T18:12:54.615Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2215"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAIL Image Decoding Library",
"vendor": "SAIL Image Decoding Library",
"versions": [
{
"status": "affected",
"version": "v0.9.8"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Discovered by a member of Cisco Talos."
}
],
"descriptions": [
{
"lang": "en",
"value": "A memory corruption vulnerability exists in the BMPv3 Palette Decoding functionality of the SAIL Image Decoding Library v0.9.8. When loading a specially crafted .bmp file, an integer overflow can be made to occur which will cause a heap-based buffer to overflow when reading the palette from the image. These conditions can allow for remote code execution. An attacker will need to convince the library to read a file to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-680",
"description": "CWE-680: Integer Overflow to Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-25T14:17:47.494Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2215",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2215"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2025-46407",
"datePublished": "2025-08-25T14:17:47.494Z",
"dateReserved": "2025-07-10T14:30:20.051Z",
"dateUpdated": "2025-11-03T18:12:54.615Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-32468 (GCVE-0-2025-32468)
Vulnerability from cvelistv5 – Published: 2025-08-25 14:17 – Updated: 2025-11-03 18:09
VLAI?
Summary
A memory corruption vulnerability exists in the BMPv3 Image Decoding functionality of the SAIL Image Decoding Library v0.9.8. When loading a specially crafted .bmp file, an integer overflow can be made to occur when calculating the stride for decoding. Afterwards, this will cause a heap-based buffer to overflow when decoding the image which can lead to remote code execution. An attacker will need to convince the library to read a file to trigger this vulnerability.
Severity ?
8.8 (High)
CWE
- CWE-680 - Integer Overflow to Buffer Overflow
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SAIL Image Decoding Library | SAIL Image Decoding Library |
Affected:
v0.9.8
|
Credits
Discovered by a member of Cisco Talos.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-32468",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-25T20:31:02.473933Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-25T20:31:10.261Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T18:09:24.033Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2216"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAIL Image Decoding Library",
"vendor": "SAIL Image Decoding Library",
"versions": [
{
"status": "affected",
"version": "v0.9.8"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Discovered by a member of Cisco Talos."
}
],
"descriptions": [
{
"lang": "en",
"value": "A memory corruption vulnerability exists in the BMPv3 Image Decoding functionality of the SAIL Image Decoding Library v0.9.8. When loading a specially crafted .bmp file, an integer overflow can be made to occur when calculating the stride for decoding. Afterwards, this will cause a heap-based buffer to overflow when decoding the image which can lead to remote code execution. An attacker will need to convince the library to read a file to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-680",
"description": "CWE-680: Integer Overflow to Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-25T14:17:45.750Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2216",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2216"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2025-32468",
"datePublished": "2025-08-25T14:17:45.750Z",
"dateReserved": "2025-07-10T14:38:23.105Z",
"dateUpdated": "2025-11-03T18:09:24.033Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-35984 (GCVE-0-2025-35984)
Vulnerability from cvelistv5 – Published: 2025-08-25 14:17 – Updated: 2025-11-03 18:09
VLAI?
Summary
A memory corruption vulnerability exists in the PCX Image Decoding functionality of the SAIL Image Decoding Library v0.9.8. When decoding the image data from a specially crafted .pcx file, a heap-based buffer overflow can occur which allows for remote code execution. An attacker will need to convince the library to read a file to trigger this vulnerability.
Severity ?
8.8 (High)
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SAIL Image Decoding Library | SAIL Image Decoding Library |
Affected:
v0.9.8
|
Credits
Discovered by a member of Cisco Talos.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-35984",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-25T20:30:38.496080Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-25T20:30:46.022Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T18:09:24.987Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2217"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAIL Image Decoding Library",
"vendor": "SAIL Image Decoding Library",
"versions": [
{
"status": "affected",
"version": "v0.9.8"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Discovered by a member of Cisco Talos."
}
],
"descriptions": [
{
"lang": "en",
"value": "A memory corruption vulnerability exists in the PCX Image Decoding functionality of the SAIL Image Decoding Library v0.9.8. When decoding the image data from a specially crafted .pcx file, a heap-based buffer overflow can occur which allows for remote code execution. An attacker will need to convince the library to read a file to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-25T14:17:43.878Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2217",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2217"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2025-35984",
"datePublished": "2025-08-25T14:17:43.878Z",
"dateReserved": "2025-07-10T15:18:23.338Z",
"dateUpdated": "2025-11-03T18:09:24.987Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-53510 (GCVE-0-2025-53510)
Vulnerability from cvelistv5 – Published: 2025-08-25 14:17 – Updated: 2025-11-03 18:13
VLAI?
Summary
A memory corruption vulnerability exists in the PSD Image Decoding functionality of the SAIL Image Decoding Library v0.9.8. When loading a specially crafted .psd file, an integer overflow can be made to occur when calculating the stride for decoding. Afterwards, this will cause a heap-based buffer to overflow when decoding the image which can lead to remote code execution. An attacker will need to convince the library to read a file to trigger this vulnerability.
Severity ?
8.8 (High)
CWE
- CWE-680 - Integer Overflow to Buffer Overflow
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SAIL Image Decoding Library | SAIL Image Decoding Library |
Affected:
v0.9.8
|
Credits
Discovered by a member of Cisco Talos.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-53510",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-25T18:16:41.693319Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-25T18:16:53.780Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T18:13:13.086Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2218"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAIL Image Decoding Library",
"vendor": "SAIL Image Decoding Library",
"versions": [
{
"status": "affected",
"version": "v0.9.8"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Discovered by a member of Cisco Talos."
}
],
"descriptions": [
{
"lang": "en",
"value": "A memory corruption vulnerability exists in the PSD Image Decoding functionality of the SAIL Image Decoding Library v0.9.8. When loading a specially crafted .psd file, an integer overflow can be made to occur when calculating the stride for decoding. Afterwards, this will cause a heap-based buffer to overflow when decoding the image which can lead to remote code execution. An attacker will need to convince the library to read a file to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-680",
"description": "CWE-680: Integer Overflow to Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-25T14:17:41.763Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2218",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2218"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2025-53510",
"datePublished": "2025-08-25T14:17:41.763Z",
"dateReserved": "2025-07-10T15:22:59.572Z",
"dateUpdated": "2025-11-03T18:13:13.086Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-53085 (GCVE-0-2025-53085)
Vulnerability from cvelistv5 – Published: 2025-08-25 14:17 – Updated: 2025-11-03 18:13
VLAI?
Summary
A memory corruption vulnerability exists in the PSD RLE Decoding functionality of the SAIL Image Decoding Library v0.9.8. When decompressing the image data from a specially crafted .psd file, a heap-based buffer overflow can occur which allows for remote code execution. An attacker will need to convince the library to read a file to trigger this vulnerability.
Severity ?
8.8 (High)
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SAIL Image Decoding Library | SAIL Image Decoding Library |
Affected:
v0.9.8
|
Credits
Discovered by a member of Cisco Talos.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-53085",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-25T18:21:07.099355Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-25T18:21:16.423Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T18:13:11.165Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2219"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAIL Image Decoding Library",
"vendor": "SAIL Image Decoding Library",
"versions": [
{
"status": "affected",
"version": "v0.9.8"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Discovered by a member of Cisco Talos."
}
],
"descriptions": [
{
"lang": "en",
"value": "A memory corruption vulnerability exists in the PSD RLE Decoding functionality of the SAIL Image Decoding Library v0.9.8. When decompressing the image data from a specially crafted .psd file, a heap-based buffer overflow can occur which allows for remote code execution. An attacker will need to convince the library to read a file to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-25T14:17:40.119Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2219",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2219"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2025-53085",
"datePublished": "2025-08-25T14:17:40.119Z",
"dateReserved": "2025-07-10T15:29:54.702Z",
"dateUpdated": "2025-11-03T18:13:11.165Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-50129 (GCVE-0-2025-50129)
Vulnerability from cvelistv5 – Published: 2025-08-25 14:17 – Updated: 2025-11-03 18:13
VLAI?
Summary
A memory corruption vulnerability exists in the PCX Image Decoding functionality of the SAIL Image Decoding Library v0.9.8. When decoding the image data from a specially crafted .tga file, a heap-based buffer overflow can occur which allows for remote code execution. An attacker will need to convince the library to read a file to trigger this vulnerability.
Severity ?
8.8 (High)
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SAIL Image Decoding Library | SAIL Image Decoding Library |
Affected:
v0.9.8
|
Credits
Discovered by a member of Cisco Talos.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-50129",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-25T19:02:10.470962Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-25T19:02:18.389Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T18:13:02.487Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2220"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAIL Image Decoding Library",
"vendor": "SAIL Image Decoding Library",
"versions": [
{
"status": "affected",
"version": "v0.9.8"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Discovered by a member of Cisco Talos."
}
],
"descriptions": [
{
"lang": "en",
"value": "A memory corruption vulnerability exists in the PCX Image Decoding functionality of the SAIL Image Decoding Library v0.9.8. When decoding the image data from a specially crafted .tga file, a heap-based buffer overflow can occur which allows for remote code execution. An attacker will need to convince the library to read a file to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-25T14:17:38.509Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2220",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2220"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2025-50129",
"datePublished": "2025-08-25T14:17:38.509Z",
"dateReserved": "2025-07-10T15:33:13.329Z",
"dateUpdated": "2025-11-03T18:13:02.487Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-52930 (GCVE-0-2025-52930)
Vulnerability from cvelistv5 – Published: 2025-08-25 14:17 – Updated: 2025-11-03 18:13
VLAI?
Summary
A memory corruption vulnerability exists in the BMPv3 RLE Decoding functionality of the SAIL Image Decoding Library v0.9.8. When decompressing the image data from a specially crafted .bmp file, a heap-based buffer overflow can occur which allows for remote code execution. An attacker will need to convince the library to read a file to trigger this vulnerability.
Severity ?
8.8 (High)
CWE
- CWE-680 - Integer Overflow to Buffer Overflow
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SAIL Image Decoding Library | SAIL Image Decoding Library |
Affected:
v0.9.8
|
Credits
Discovered by a member of Cisco Talos.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-52930",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-25T19:02:46.740278Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-25T19:02:52.875Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T18:13:08.348Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2221"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAIL Image Decoding Library",
"vendor": "SAIL Image Decoding Library",
"versions": [
{
"status": "affected",
"version": "v0.9.8"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Discovered by a member of Cisco Talos."
}
],
"descriptions": [
{
"lang": "en",
"value": "A memory corruption vulnerability exists in the BMPv3 RLE Decoding functionality of the SAIL Image Decoding Library v0.9.8. When decompressing the image data from a specially crafted .bmp file, a heap-based buffer overflow can occur which allows for remote code execution. An attacker will need to convince the library to read a file to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-680",
"description": "CWE-680: Integer Overflow to Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-25T14:17:36.760Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2221",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2221"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2025-52930",
"datePublished": "2025-08-25T14:17:36.760Z",
"dateReserved": "2025-07-10T15:38:10.397Z",
"dateUpdated": "2025-11-03T18:13:08.348Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-52456 (GCVE-0-2025-52456)
Vulnerability from cvelistv5 – Published: 2025-08-25 14:17 – Updated: 2025-11-03 18:13
VLAI?
Summary
A memory corruption vulnerability exists in the WebP Image Decoding functionality of the SAIL Image Decoding Library v0.9.8. When loading a specially crafted .webp animation an integer overflow can be made to occur when calculating the stride for decoding. Afterwards, this will cause a heap-based buffer to overflow when decoding the image which can lead to remote code execution. An attacker will need to convince the library to read a file to trigger this vulnerability.
Severity ?
8.8 (High)
CWE
- CWE-680 - Integer Overflow to Buffer Overflow
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SAIL Image Decoding Library | SAIL Image Decoding Library |
Affected:
v0.9.8
|
Credits
Discovered by a member of Cisco Talos.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-52456",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-25T19:03:02.553973Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-25T19:03:08.616Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T18:13:04.538Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2224"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAIL Image Decoding Library",
"vendor": "SAIL Image Decoding Library",
"versions": [
{
"status": "affected",
"version": "v0.9.8"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Discovered by a member of Cisco Talos."
}
],
"descriptions": [
{
"lang": "en",
"value": "A memory corruption vulnerability exists in the WebP Image Decoding functionality of the SAIL Image Decoding Library v0.9.8. When loading a specially crafted .webp animation an integer overflow can be made to occur when calculating the stride for decoding. Afterwards, this will cause a heap-based buffer to overflow when decoding the image which can lead to remote code execution. An attacker will need to convince the library to read a file to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-680",
"description": "CWE-680: Integer Overflow to Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-25T14:17:35.230Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2224",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2224"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2025-52456",
"datePublished": "2025-08-25T14:17:35.230Z",
"dateReserved": "2025-07-17T07:10:35.028Z",
"dateUpdated": "2025-11-03T18:13:04.538Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}