SAIL Image Decoding Library Heap-Based Buffer Overflow Vulnerability Allowing Remote Code Execution
Vulnerability
A memory corruption vulnerability has been identified in the SAIL Image Decoding Library version 0.9.8, specifically within the PSD RLE decoding functionality. It arises when the library decompresses image data from a specially crafted .psd file, leading to a heap-based buffer overflow that can be exploited for remote code execution. The vulnerability is triggered when the library is made to read a file containing the malicious .psd data.
Impact
Exploitation of this vulnerability causes a heap-based buffer overflow, which can lead to memory corruption and potentially allow for arbitrary code execution in the context of the application using the SAIL Image Decoding Library.
Reproduction
The vulnerability can be reproduced by using the SAIL Image Decoding Library to open a crafted .psd file that exploits the buffer overflow in the RLE decoding process. The proof-of-concept .psd file must be prepared to trigger the vulnerability by overflowing the buffer allocated for image data decoding.
Remediation
Users are advised to update to the patched version of the SAIL Image Decoding Library. The latest version can be obtained from the official SAIL website.
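PSD RLE data is PackBits-encoded: each control byte read from the file announces how many bytes the next run writes. The following added example (not SAIL's code and not its patch; the function name and sample bytes are constructed for illustration) shows a decoder that validates every run against both the remaining input and the destination buffer, the kind of check that keeps a file-supplied run length from writing past the allocation.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example: bounds-checked PackBits (PSD RLE) decoder, not SAIL's code.
 * Returns the number of bytes written to dst, or -1 if the stream is
 * truncated or a run would write past dst_len. */
long packbits_decode(const uint8_t *src, size_t src_len,
                     uint8_t *dst, size_t dst_len)
{
    size_t in = 0, out = 0;

    while (in < src_len && out < dst_len) {
        unsigned n = src[in++];              /* control byte from the file */

        if (n == 128)
            continue;                        /* no-op in PackBits */

        if (n < 128) {                       /* literal run: copy n+1 bytes */
            size_t count = (size_t)n + 1;
            if (count > src_len - in || count > dst_len - out)
                return -1;                   /* truncated input or overflow */
            memcpy(dst + out, src + in, count);
            in += count;
            out += count;
        } else {                             /* repeat run: 257-n copies */
            size_t count = 257u - n;
            if (in >= src_len || count > dst_len - out)
                return -1;                   /* missing value or overflow */
            memset(dst + out, src[in++], count);
            out += count;
        }
    }
    return (long)out;
}

int main(void)
{
    /* Constructed sample: repeat 0xAA three times, then 3 literal bytes. */
    const uint8_t rle[] = {0xFE, 0xAA, 0x02, 0x80, 0x00, 0x2A};
    uint8_t row[6];

    printf("row of 6: %ld\n", packbits_decode(rle, sizeof rle, row, sizeof row));
    printf("row of 4: %ld\n", packbits_decode(rle, sizeof rle, row, 4));
    return 0;
}
```

The caller should treat -1 as a corrupt file and stop decoding, rather than continuing with a partially filled row.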
