From: carnil@debian.org
Source: sail
Version: 0.9.8-1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: carnil@debian.org, Debian Security Team
Hi,
The following vulnerabilities were published for sail.
CVE-2025-32468[0]:
| A memory corruption vulnerability exists in the BMPv3 Image Decoding
| functionality of the SAIL Image Decoding Library v0.9.8. When
| loading a specially crafted .bmp file, an integer overflow can be
| made to occur when calculating the stride for decoding. Afterwards,
| this will cause a heap-based buffer to overflow when decoding the
| image which can lead to remote code execution. An attacker will need
| to convince the library to read a file to trigger this
| vulnerability.
CVE-2025-35984[1]:
| A memory corruption vulnerability exists in the PCX Image Decoding
| functionality of the SAIL Image Decoding Library v0.9.8. When
| decoding the image data from a specially crafted .pcx file, a heap-
| based buffer overflow can occur which allows for remote code
| execution. An attacker will need to convince the library to read a
| file to trigger this vulnerability.
CVE-2025-46407[2]:
| A memory corruption vulnerability exists in the BMPv3 Palette
| Decoding functionality of the SAIL Image Decoding Library v0.9.8.
| When loading a specially crafted .bmp file, an integer overflow can
| be made to occur which will cause a heap-based buffer to overflow
| when reading the palette from the image. These conditions can allow
| for remote code execution. An attacker will need to convince the
| library to read a file to trigger this vulnerability.
CVE-2025-50129[3]:
| A memory corruption vulnerability exists in the PCX Image Decoding
| functionality of the SAIL Image Decoding Library v0.9.8. When
| decoding the image data from a specially crafted .tga file, a heap-
| based buffer overflow can occur which allows for remote code
| execution. An attacker will need to convince the library to read a
| file to trigger this vulnerability.
CVE-2025-52456[4]:
| A memory corruption vulnerability exists in the WebP Image Decoding
| functionality of the SAIL Image Decoding Library v0.9.8. When
| loading a specially crafted .webp animation an integer overflow can
| be made to occur when calculating the stride for decoding.
| Afterwards, this will cause a heap-based buffer to overflow when
| decoding the image which can lead to remote code execution. An
| attacker will need to convince the library to read a file to trigger
| this vulnerability.
CVE-2025-52930[5]:
| A memory corruption vulnerability exists in the BMPv3 RLE Decoding
| functionality of the SAIL Image Decoding Library v0.9.8. When
| decompressing the image data from a specially crafted .bmp file, a
| heap-based buffer overflow can occur which allows for remote code
| execution. An attacker will need to convince the library to read a
| file to trigger this vulnerability.
CVE-2025-53085[6]:
| A memory corruption vulnerability exists in the PSD RLE Decoding
| functionality of the SAIL Image Decoding Library v0.9.8. When
| decompressing the image data from a specially crafted .psd file, a
| heap-based buffer overflow can occur which allows for remote code
| execution. An attacker will need to convince the library to read a
| file to trigger this vulnerability.
CVE-2025-53510[7]:
| A memory corruption vulnerability exists in the PSD Image Decoding
| functionality of the SAIL Image Decoding Library v0.9.8. When
| loading a specially crafted .psd file, an integer overflow can be
| made to occur when calculating the stride for decoding. Afterwards,
| this will cause a heap-based buffer to overflow when decoding the
| image which can lead to remote code execution. An attacker will need
| to convince the library to read a file to trigger this
| vulnerability.
They should be fixed in 0.9.9 TTBOMK, but please double-check.
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2025-32468
https://www.cve.org/CVERecord?id=CVE-2025-32468
[1] https://security-tracker.debian.org/tracker/CVE-2025-35984
https://www.cve.org/CVERecord?id=CVE-2025-35984
[2] https://security-tracker.debian.org/tracker/CVE-2025-46407
https://www.cve.org/CVERecord?id=CVE-2025-46407
[3] https://security-tracker.debian.org/tracker/CVE-2025-50129
https://www.cve.org/CVERecord?id=CVE-2025-50129
[4] https://security-tracker.debian.org/tracker/CVE-2025-52456
https://www.cve.org/CVERecord?id=CVE-2025-52456
[5] https://security-tracker.debian.org/tracker/CVE-2025-52930
https://www.cve.org/CVERecord?id=CVE-2025-52930
[6] https://security-tracker.debian.org/tracker/CVE-2025-53085
https://www.cve.org/CVERecord?id=CVE-2025-53085
[7] https://security-tracker.debian.org/tracker/CVE-2025-53510
https://www.cve.org/CVERecord?id=CVE-2025-53510
Regards,
Salvatore
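The stride-overflow class named in several of the CVE descriptions above, as an added example that is not SAIL's code and not part of the original report: a 32-bit stride calculation that wraps on large header values, next to an overflow-checked version. All function names and the 256 MiB allocation cap are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Unchecked form: the 32-bit product wraps for large header values, so the
 * returned stride can be far smaller than one decoded row really needs. */
static uint32_t stride_unchecked(uint32_t width, uint32_t bits_per_pixel)
{
    return (width * bits_per_pixel + 7u) / 8u;
}

/* Checked form: compute in 64 bits and refuse values that do not fit. */
static bool stride_checked(uint32_t width, uint32_t bits_per_pixel, size_t *out)
{
    if (width == 0 || bits_per_pixel == 0 || bits_per_pixel > 64)
        return false;
    uint64_t bits = (uint64_t)width * bits_per_pixel; /* < 2^32 * 64, no wrap */
    uint64_t bytes = (bits + 7u) / 8u;
    if (bytes > SIZE_MAX)
        return false;
    *out = (size_t)bytes;
    return true;
}

/* Allocate the pixel buffer only if stride * height stays under max_bytes.
 * The division form of the check avoids a second multiplication overflow. */
static void *alloc_pixels(uint32_t width, uint32_t height, uint32_t bpp,
                          size_t max_bytes, size_t *stride_out)
{
    size_t stride;
    if (height == 0 || !stride_checked(width, bpp, &stride))
        return NULL;
    if (stride > max_bytes / height)
        return NULL;
    *stride_out = stride;
    return malloc(stride * (size_t)height);
}

int main(void)
{
    size_t stride = 0;
    /* Constructed header values: width 0x20000001 at 8 bpp wraps to stride 1. */
    bool wrapped = stride_unchecked(0x20000001u, 8u) == 1u;
    void *p = alloc_pixels(0x20000001u, 16u, 8u, (size_t)256 << 20, &stride);
    bool rejected = (p == NULL);
    free(p);
    return (wrapped && rejected) ? 0 : 1;
}
```
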