CVE-2025-46407

Name of the Vulnerable Software and Affected Versions: SAIL Image Decoding Library version 0.9.8

Description: A memory corruption issue exists in the BMPv3 Palette Decoding functionality. Loading a specially crafted .bmp file can cause an integer overflow, leading to a heap-based buffer overflow when reading the palette. This can allow for remote code execution if an attacker convinces the library to read a malicious file.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.