SAIL Image Decoding Library Heap-Based Buffer Overflow Vulnerability Allowing Remote Code Execution

Vulnerability

A heap-based buffer overflow vulnerability has been identified in the SAIL Image Decoding Library version 0.9.8, specifically within the PCX Image Decoding functionality. This vulnerability arises when the library decodes image data from a specially crafted .tga file, leading to memory corruption that can be exploited for remote code execution. The vulnerability is triggered by convincing the library to read a file containing the maliciously crafted image data.

Impact

Exploitation of this vulnerability causes a heap-based buffer overflow, allowing for memory corruption that can be leveraged to execute arbitrary code remotely.

Reproduction

The vulnerability can be reproduced by using the SAIL Image Decoding Library to decode a .tga file crafted to trigger the buffer overflow. The crafted file must contain run-length encoded image data that, when processed by the library, expands beyond the image dimensions and pixel format specifications and so overflows the allocated buffer.
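For defenders reviewing decoders of this kind, the following added example (not SAIL's code and not taken from this advisory) shows a TGA-style run-length decoder that sizes its output buffer from the image dimensions and pixel format and rejects any packet that would write past it. The function names, error codes and sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

enum { RLE_OK = 0, RLE_TRUNCATED = -1, RLE_OVERRUN = -2, RLE_BAD_ARGS = -3 };

/* Size the pixel buffer from header fields; reject zero sizes and overflow. */
int pixel_buffer_size(uint16_t w, uint16_t h, size_t bpp, size_t *out)
{
    if (w == 0 || h == 0 || bpp == 0 || bpp > 4) return RLE_BAD_ARGS;
    uint64_t n = (uint64_t)w * h * bpp;   /* widen before multiplying */
    if (n > SIZE_MAX) return RLE_BAD_ARGS;
    *out = (size_t)n;
    return RLE_OK;
}

/* Decode TGA-style RLE: header bit 7 set = run packet, clear = raw packet,
   low 7 bits + 1 = pixel count. Every write is checked against out_len. */
int rle_decode_checked(const uint8_t *in, size_t in_len,
                       uint8_t *out, size_t out_len, size_t bpp)
{
    size_t ip = 0, op = 0;
    if (bpp == 0 || bpp > 4) return RLE_BAD_ARGS;
    while (op < out_len) {
        if (ip >= in_len) return RLE_TRUNCATED;
        uint8_t hdr = in[ip++];
        size_t bytes = ((size_t)(hdr & 0x7F) + 1) * bpp;
        /* The check that matters: the packet must fit in what is left. */
        if (bytes > out_len - op) return RLE_OVERRUN;
        if (hdr & 0x80) {                       /* run: one pixel repeated */
            if (bpp > in_len - ip) return RLE_TRUNCATED;
            for (size_t off = 0; off < bytes; off += bpp)
                memcpy(out + op + off, in + ip, bpp);
            ip += bpp;
        } else {                                /* raw: literal pixels */
            if (bytes > in_len - ip) return RLE_TRUNCATED;
            memcpy(out + op, in + ip, bytes);
            ip += bytes;
        }
        op += bytes;
    }
    return RLE_OK;
}

/* Constructed samples for a 2x2 image at 1 byte per pixel (not real files). */
static const uint8_t SAMPLE_OK[] = { 0x81, 0xAA, 0x01, 0x10, 0x20 };
static const uint8_t SAMPLE_OVERSIZED[] = { 0x87, 0xAA }; /* run of 8 pixels */
```

The oversized sample is refused before any byte is written, so the destination buffer is left untouched.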

Remediation

Users are advised to update to the patched version of the SAIL Image Decoding Library, which is available on the official SAIL website.

Added: Sep 1, 2025, 7:22 PM
Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 10.0
exploitability: 7.7
remediation: 0.0
relevance: 0.4
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.