Source: sail
Version: 0.9.8-1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerabilities were published for sail.

CVE-2025-32468[0]:
| A memory corruption vulnerability exists in the BMPv3 Image Decoding
| functionality of the SAIL Image Decoding Library v0.9.8. When
| loading a specially crafted .bmp file, an integer overflow can be
| made to occur when calculating the stride for decoding. Afterwards,
| this will cause a heap-based buffer to overflow when decoding the
| image which can lead to remote code execution. An attacker will need
| to convince the library to read a file to trigger this
| vulnerability.

CVE-2025-35984[1]:
| A memory corruption vulnerability exists in the PCX Image Decoding
| functionality of the SAIL Image Decoding Library v0.9.8. When
| decoding the image data from a specially crafted .pcx file, a heap-
| based buffer overflow can occur which allows for remote code
| execution. An attacker will need to convince the library to read a
| file to trigger this vulnerability.

CVE-2025-46407[2]:
| A memory corruption vulnerability exists in the BMPv3 Palette
| Decoding functionality of the SAIL Image Decoding Library v0.9.8.
| When loading a specially crafted .bmp file, an integer overflow can
| be made to occur which will cause a heap-based buffer to overflow
| when reading the palette from the image. These conditions can allow
| for remote code execution. An attacker will need to convince the
| library to read a file to trigger this vulnerability.

CVE-2025-50129[3]:
| A memory corruption vulnerability exists in the PCX Image Decoding
| functionality of the SAIL Image Decoding Library v0.9.8. When
| decoding the image data from a specially crafted .tga file, a heap-
| based buffer overflow can occur which allows for remote code
| execution. An attacker will need to convince the library to read a
| file to trigger this vulnerability.

CVE-2025-52456[4]:
| A memory corruption vulnerability exists in the WebP Image Decoding
| functionality of the SAIL Image Decoding Library v0.9.8. When
| loading a specially crafted .webp animation an integer overflow can
| be made to occur when calculating the stride for decoding.
| Afterwards, this will cause a heap-based buffer to overflow when
| decoding the image which can lead to remote code execution. An
| attacker will need to convince the library to read a file to trigger
| this vulnerability.

CVE-2025-52930[5]:
| A memory corruption vulnerability exists in the BMPv3 RLE Decoding
| functionality of the SAIL Image Decoding Library v0.9.8. When
| decompressing the image data from a specially crafted .bmp file, a
| heap-based buffer overflow can occur which allows for remote code
| execution. An attacker will need to convince the library to read a
| file to trigger this vulnerability.

CVE-2025-53085[6]:
| A memory corruption vulnerability exists in the PSD RLE Decoding
| functionality of the SAIL Image Decoding Library v0.9.8. When
| decompressing the image data from a specially crafted .psd file, a
| heap-based buffer overflow can occur which allows for remote code
| execution. An attacker will need to convince the library to read a
| file to trigger this vulnerability.

CVE-2025-53510[7]:
| A memory corruption vulnerability exists in the PSD Image Decoding
| functionality of the SAIL Image Decoding Library v0.9.8. When
| loading a specially crafted .psd file, an integer overflow can be
| made to occur when calculating the stride for decoding. Afterwards,
| this will cause a heap-based buffer to overflow when decoding the
| image which can lead to remote code execution. An attacker will need
| to convince the library to read a file to trigger this
| vulnerability.

They should be fixed in 0.9.9 TTBOMK, but please double-check.

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-32468
    https://www.cve.org/CVERecord?id=CVE-2025-32468
[1] https://security-tracker.debian.org/tracker/CVE-2025-35984
    https://www.cve.org/CVERecord?id=CVE-2025-35984
[2] https://security-tracker.debian.org/tracker/CVE-2025-46407
    https://www.cve.org/CVERecord?id=CVE-2025-46407
[3] https://security-tracker.debian.org/tracker/CVE-2025-50129
    https://www.cve.org/CVERecord?id=CVE-2025-50129
[4] https://security-tracker.debian.org/tracker/CVE-2025-52456
    https://www.cve.org/CVERecord?id=CVE-2025-52456
[5] https://security-tracker.debian.org/tracker/CVE-2025-52930
    https://www.cve.org/CVERecord?id=CVE-2025-52930
[6] https://security-tracker.debian.org/tracker/CVE-2025-53085
    https://www.cve.org/CVERecord?id=CVE-2025-53085
[7] https://security-tracker.debian.org/tracker/CVE-2025-53510
    https://www.cve.org/CVERecord?id=CVE-2025-53510

Regards,
Salvatore
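
The stride integer overflow named in several of the CVE descriptions above, shown as an added example for anyone reviewing or backporting the fixes; it is not SAIL's code or its upstream patch. It assumes the standard BMP row layout (rows padded to 4 bytes); the function names and the two size limits are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed decoder limits (hypothetical values, tune per application). */
#define MAX_ROW_BYTES   ((uint64_t)1 << 28)
#define MAX_IMAGE_BYTES ((uint64_t)1 << 30)

/* Unchecked 32-bit arithmetic: width * bpp wraps modulo 2^32, so the
 * stride can come out far smaller than one real row of pixels. */
static uint32_t stride_unchecked(uint32_t width, uint32_t bpp)
{
    return ((width * bpp + 31u) / 32u) * 4u;
}

/* Checked form: do the arithmetic in 64 bits and reject out-of-range
 * results. Returns the pixel-buffer size in bytes, or 0 on rejection. */
static size_t image_bytes_checked(uint32_t width, uint32_t height,
                                  uint32_t bpp, size_t *stride_out)
{
    if (width == 0 || height == 0 || bpp == 0 || bpp > 32)
        return 0;
    uint64_t bits = (uint64_t)width * bpp;      /* < 2^37, cannot wrap */
    uint64_t row = ((bits + 31u) / 32u) * 4u;   /* rows padded to 4 bytes */
    if (row > MAX_ROW_BYTES)
        return 0;
    uint64_t total = row * height;              /* < 2^60, cannot wrap */
    if (total > MAX_IMAGE_BYTES)
        return 0;
    if (stride_out)
        *stride_out = (size_t)row;
    return (size_t)total;
}

int main(void)
{
    /* Constructed header values: a width chosen so width * 32 wraps. */
    uint32_t w = 0x10000001u, h = 1, bpp = 32;
    printf("unchecked stride: %u bytes\n", (unsigned)stride_unchecked(w, bpp));
    printf("checked size:     %zu (0 = rejected)\n",
           image_bytes_checked(w, h, bpp, NULL));
    printf("3x2 @ 24bpp:      %zu bytes\n", image_bytes_checked(3, 2, 24, NULL));
    return 0;
}
```

When checking a backport, the property to look for is that every allocation size and every per-row write length derives from the same checked value.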

