CVE-2025-52456
BaseFortify
Publication date: 2025-08-25
Last updated on: 2025-11-03
Assigner: Talos
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| sail | sail | 0.9.8 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-680 | The product performs a calculation to determine how much memory to allocate, but an integer overflow can occur that causes less memory to be allocated than expected, leading to a buffer overflow. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a memory corruption issue in the WebP Image Decoding functionality of the SAIL Image Decoding Library version 0.9.8. Specifically, when decoding a specially crafted .webp animation file, an integer overflow can occur during the calculation of the stride, which leads to a heap-based buffer overflow. This buffer overflow can potentially allow an attacker to execute remote code on the affected system. To exploit this, an attacker must convince the library to read a maliciously crafted file.
How can this vulnerability impact me? :
This vulnerability can have severe impacts including remote code execution, which means an attacker could run arbitrary code on your system without your permission. This could lead to full system compromise, data theft, or disruption of services. Because the vulnerability can be triggered remotely by convincing the library to read a malicious file, it poses a significant security risk.