A memory corruption vulnerability exists in the BMPv3 Image Decoding functionality of the SAIL Image Decoding Library v0.9.8. When loading a specially crafted .bmp file, an integer overflow can be made to occur when calculating the stride for decoding. Afterwards, this will cause a heap-based buffer to overflow when decoding the image which can lead to remote code execution. An attacker will need to convince the library to read a file to trigger this vulnerability.
{
"cwe_ids": [
"CWE-680"
],
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/32xxx/CVE-2025-32468.json",
"unresolved_ranges": [
{
"extracted_events": [
{
"introduced": "v0.9.8"
},
{
"last_affected": "v0.9.8"
}
],
"source": "AFFECTED_FIELD"
}
],
"cna_assigner": "talos"
}