CVE-2025-32468

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

A

memory corruption vulnerability exists in the BMPv3 Image Decoding functionality of the SAIL Image Decoding Library v0.9.8. When loading a specially crafted .bmp file, an integer overflow can be made to occur when calculating the stride for decoding. Afterwards, this will cause a heap-based buffer to overflow when decoding the image which can lead to remote code execution. An attacker will need to convince the library to read a file to trigger this vulnerability.

References

Link	Resource
https://talosintelligence.com/vulnerability_reports/TALOS-2025-2216	Exploit Third Party Advisory
https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2216

Configurations

Configuration 1 (hide)

cpe:2.3:a:sail:sail:0.9.8:*:*:*:*:*:*:*

History

03 Nov 2025, 19:15

Type	Values Removed	Values Added
References		() https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2216 -

02 Sep 2025, 17:14

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-08-25 15:15

Updated : 2025-11-03 19:15

NVD link : CVE-2025-32468

Mitre link : CVE-2025-32468

CVE.ORG link : CVE-2025-32468

JSON object : View

Products Affected

sail

CWE

CWE-680

Integer Overflow to Buffer Overflow

{"id": "CVE-2025-32468", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2025-08-25T15:15:38.877", "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2216", "tags": ["Exploit", "Third Party Advisory"], "source": "[email protected]"}, {"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2216", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-680"}]}], "descriptions": [{"lang": "en", "value": "A memory corruption vulnerability exists in the BMPv3 Image Decoding functionality of the SAIL Image Decoding Library v0.9.8. When loading a specially crafted .bmp file, an integer overflow can be made to occur when calculating the stride for decoding. Afterwards, this will cause a heap-based buffer to overflow when decoding the image which can lead to remote code execution. An attacker will need to convince the library to read a file to trigger this vulnerability."}, {"lang": "es", "value": "Existe una vulnerabilidad de corrupci\u00f3n de memoria en la funci\u00f3n BMPv3 Image Decoding de SAIL Image Decoding Library v0.9.8. Al cargar un archivo .bmp especialmente manipulado, se puede producir un desbordamiento de enteros al calcular el paso de decodificaci\u00f3n. Esto provoca un desbordamiento del b\u00fafer del mont\u00f3n al decodificar la imagen, lo que puede provocar la ejecuci\u00f3n remota de c\u00f3digo. Un atacante deber\u00e1 convencer a la librer\u00eda para que lea un archivo para activar esta vulnerabilidad."}], "lastModified": "2025-11-03T19:15:52.123", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sail:sail:0.9.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BDFCF91A-2A3D-45C6-A8C3-DD90A646BDAA"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}