CVE-2025-50129

A memory corruption vulnerability exists in the PCX Image Decoding functionality of the SAIL Image Decoding Library v0.9.8. When decoding the image data from a specially crafted .tga file, a heap-based buffer overflow can occur which allows for remote code execution. An attacker will need to convince the library to read a file to trigger this vulnerability.
References
Link: https://talosintelligence.com/vulnerability_reports/TALOS-2025-2220
Resource: Exploit, Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:sail:sail:0.9.8:*:*:*:*:*:*:*

History

02 Sep 2025, 17:13

Type Values Removed Values Added
Summary
  • (es) A memory corruption vulnerability exists in the PCX Image Decoding functionality of the SAIL Image Decoding Library v0.9.8. When decoding the image data from a specially crafted .tga file, a heap-based buffer overflow can occur, which allows for remote code execution. An attacker will need to convince the library to read a file to trigger this vulnerability.
CPE cpe:2.3:a:sail:sail:0.9.8:*:*:*:*:*:*:*
References () https://talosintelligence.com/vulnerability_reports/TALOS-2025-2220 - () https://talosintelligence.com/vulnerability_reports/TALOS-2025-2220 - Exploit, Third Party Advisory
First Time Sail sail
Sail

25 Aug 2025, 20:24

Type Values Removed Values Added
New CVE

Information

Published : 2025-08-25 15:15

Updated : 2025-09-02 17:13


NVD link : CVE-2025-50129

Mitre link : CVE-2025-50129

CVE.ORG link : CVE-2025-50129


Products Affected

sail

  • sail
CWE
CWE-122

Heap-based Buffer Overflow