CVE-2025-32468
BaseFortify
Publication date: 2025-08-25
Last updated on: 2025-11-03
Assigner: Talos
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| sail | sail | 0.9.8 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-680 | The product performs a calculation to determine how much memory to allocate, but an integer overflow can occur that causes less memory to be allocated than expected, leading to a buffer overflow. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a memory corruption issue in the BMPv3 Image Decoding functionality of the SAIL Image Decoding Library v0.9.8. It occurs when loading a specially crafted .bmp file that triggers an integer overflow during stride calculation, leading to a heap-based buffer overflow during image decoding. This can allow an attacker to execute remote code by convincing the library to read a malicious file.
How can this vulnerability impact me? :
The vulnerability can lead to remote code execution, meaning an attacker could potentially run arbitrary code on your system without authorization. This could compromise system integrity, confidentiality, and availability.