CVE-2025-52930: 
Homebrew vulnerability analysis and mitigation

A memory corruption vulnerability exists in the BMPv3 RLE Decoding functionality of the SAIL Image Decoding Library v0.9.8. When decompressing the image data from a specially crafted .bmp file, a heap-based buffer overflow can occur which allows for remote code execution. An attacker will need to convince the library to read a file to trigger this vulnerability. The vulnerability was discovered by a member of Cisco Talos and assigned CVE-2025-52930 (Talos, NVD).

The vulnerability exists in the BMPv3 RLE Decoding functionality where the library fails to properly validate the run-length encoding count when processing bitmap images. When decoding RLE-compressed data, the number of pixels to fill is read from the image data into a 'marker' variable. After reading the color index, a loop uses this count to fill the current scan line without validating against the image buffer dimensions, leading to a heap-based buffer overflow. The vulnerability has been assigned a CVSS v3.1 Base Score of 8.8 HIGH (Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) and is classified as CWE-680 (Integer Overflow to Buffer Overflow) (Talos).

The vulnerability allows for remote code execution under the context of the library when processing a specially crafted BMP file. An attacker can achieve arbitrary code execution by exploiting the heap-based buffer overflow condition. The vulnerability requires user interaction as an attacker needs to convince the library to read a malicious file (Talos).

The vulnerability has been patched by the vendor on July 31, 2025. Users should upgrade to a version newer than SAIL Image Decoding Library v0.9.8 to address this vulnerability (Talos).