A memory corruption vulnerability exists in the BMPv3 Palette Decoding functionality of the SAIL Image Decoding Library v0.9.8. When loading a specially crafted .bmp file, an integer overflow can be made to occur which will cause a heap-based buffer to overflow when reading the palette from the image. These conditions can allow for remote code execution. An attacker will need to convince the library to read a file to trigger this vulnerability.
                
References
| Link | Resource |
|---|---|
| https://talosintelligence.com/vulnerability_reports/TALOS-2025-2215 | Exploit Third Party Advisory | 
Configurations
History
                    02 Sep 2025, 17:13
| Type | Values Removed | Values Added | 
|---|---|---|
| Summary | | |
| First Time | Sail sail Sail | |
| CPE | cpe:2.3:a:sail:sail:0.9.8:*:*:*:*:*:*:* | |
| References | https://talosintelligence.com/vulnerability_reports/TALOS-2025-2215 - Exploit, Third Party Advisory | |
25 Aug 2025, 20:24
| Type | Values Removed | Values Added | 
|---|---|---|
| New CVE | | |

Information
Published : 2025-08-25 15:15
Updated : 2025-09-02 17:13
NVD link : CVE-2025-46407
Mitre link : CVE-2025-46407
CVE.ORG link : CVE-2025-46407
Products Affected
sail
- sail
CWE
CWE-680 Integer Overflow to Buffer Overflow
