Skip to main content

Sail CVE-2025-53510

HIGH
Integer Overflow to Buffer Overflow (CWE-680)
2025-08-25 talos-cna@cisco.com
8.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
Analysis Generated
Mar 28, 2026 - 19:08 vuln.today
PoC Detected
Nov 03, 2025 - 19:16 vuln.today
Public exploit code
CVE Published
Aug 25, 2025 - 15:15 nvd
HIGH 8.8

DescriptionCVE.org

A memory corruption vulnerability exists in the PSD Image Decoding functionality of the SAIL Image Decoding Library v0.9.8. When loading a specially crafted .psd file, an integer overflow can be made to occur when calculating the stride for decoding. Afterwards, this will cause a heap-based buffer to overflow when decoding the image which can lead to remote code execution. An attacker will need to convince the library to read a file to trigger this vulnerability.

AnalysisAI

A memory corruption vulnerability exists in the PSD Image Decoding functionality of the SAIL Image Decoding Library v0.9.8. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-680. A memory corruption vulnerability exists in the PSD Image Decoding functionality of the SAIL Image Decoding Library v0.9.8. When loading a specially crafted .psd file, an integer overflow can be made to occur when calculating the stride for decoding. Afterwards, this will cause a heap-based buffer to overflow when decoding the image which can lead to remote code execution. An attacker will need to convince the library to read a file to trigger this vulnerability. Affected products include: Sail.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

More in Sail

View all
CVE-2026-27168 HIGH POC
8.8 Feb 21

The SAIL image library contains a heap buffer overflow in its XWD file parser that fails to validate the bytes_per_line

CVE-2026-40494 CRITICAL
9.8 Apr 18

Heap buffer overflow in SAIL image library's TGA decoder allows remote code execution via malformed RLE-compressed TGA f

CVE-2026-40493 CRITICAL
9.8 Apr 18

Heap buffer overflow in SAIL PSD codec allows remote code execution when processing malicious LAB-mode PSD files. Affect

CVE-2026-40492 CRITICAL
9.8 Apr 18

Out-of-bounds memory access in SAIL image library's XWD codec allows remote attackers to achieve arbitrary code executio

CVE-2025-53085 HIGH POC
8.8 Aug 25

A memory corruption vulnerability exists in the PSD RLE Decoding functionality of the SAIL Image Decoding Library v0.9.8

CVE-2025-52930 HIGH POC
8.8 Aug 25

A memory corruption vulnerability exists in the BMPv3 RLE Decoding functionality of the SAIL Image Decoding Library v0.9

CVE-2025-52456 HIGH POC
8.8 Aug 25

A memory corruption vulnerability exists in the WebP Image Decoding functionality of the SAIL Image Decoding Library v0.

CVE-2025-50129 HIGH POC
8.8 Aug 25

A memory corruption vulnerability exists in the PCX Image Decoding functionality of the SAIL Image Decoding Library v0.9

CVE-2025-46407 HIGH POC
8.8 Aug 25

A memory corruption vulnerability exists in the BMPv3 Palette Decoding functionality of the SAIL Image Decoding Library

CVE-2025-35984 HIGH POC
8.8 Aug 25

A memory corruption vulnerability exists in the PCX Image Decoding functionality of the SAIL Image Decoding Library v0.9

CVE-2025-32468 HIGH POC
8.8 Aug 25

A memory corruption vulnerability exists in the BMPv3 Image Decoding functionality of the SAIL Image Decoding Library v0

Share

CVE-2025-53510 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy