CVE-2025-46407
BaseFortify
Publication date: 2025-08-25
Last updated on: 2025-11-03
Assigner: Talos
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| sail | sail | 0.9.8 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-680 | The product performs a calculation to determine how much memory to allocate, but an integer overflow can occur that causes less memory to be allocated than expected, leading to a buffer overflow. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a memory corruption issue in the BMPv3 Palette Decoding functionality of the SAIL Image Decoding Library v0.9.8. Specifically, when the library loads a specially crafted .bmp file, an integer overflow can occur, leading to a heap-based buffer overflow while reading the image palette. This can allow an attacker to execute code remotely by tricking the library into processing a malicious file.
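The CWE-680 pattern named above, shown as an added example for a BMP palette size calculation; this is not SAIL's code, and the page does not show the affected source. The function names, the 4-byte entry size, and the treatment of a zero colour count as "full palette" are assumptions of this sketch.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdlib.h>

#define PALETTE_ENTRY_BYTES 4u  /* assumed BMPv3 entry: B, G, R, reserved */

/* Unsafe pattern (CWE-680): the product is computed in 32 bits and can wrap,
 * so the buffer is smaller than the number of entries the reader copies. */
uint32_t palette_bytes_unchecked(uint32_t colors_used)
{
    return colors_used * PALETTE_ENTRY_BYTES;
}

/* Hardened pattern: bound the header's colour count by the bit depth, then
 * check the multiplication. Returns 0 on success, -1 if the header is rejected. */
int palette_bytes_checked(uint32_t colors_used, uint16_t bit_count, size_t *out)
{
    if (bit_count != 1 && bit_count != 4 && bit_count != 8)
        return -1;                      /* this sketch accepts indexed depths only */
    uint32_t max_colors = 1u << bit_count;
    if (colors_used == 0)
        colors_used = max_colors;       /* assumption: 0 means a full palette */
    if (colors_used > max_colors)
        return -1;                      /* more entries than the depth can index */
    if (colors_used > SIZE_MAX / PALETTE_ENTRY_BYTES)
        return -1;                      /* defence in depth against wraparound */
    *out = (size_t)colors_used * PALETTE_ENTRY_BYTES;
    return 0;
}

/* Allocate the palette only when the size has been validated. */
void *palette_alloc(uint32_t colors_used, uint16_t bit_count, size_t *bytes)
{
    if (palette_bytes_checked(colors_used, bit_count, bytes) != 0)
        return NULL;
    return calloc(1, *bytes);
}

int main(void)
{
    size_t n = 0;
    void *p = palette_alloc(16, 4, &n); /* constructed header values */
    free(p);
    return (p != NULL && n == 64) ? 0 : 1;
}
```

A decoder built this way rejects the file before any palette bytes are read, which is also a useful place to log the offending header values.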
How can this vulnerability impact me?
The vulnerability can lead to remote code execution, meaning an attacker could potentially run arbitrary code on your system without your permission. This can compromise the confidentiality, integrity, and availability of your system and data.