SAIL Image Decoding Library PSD Processing Integer Overflow Vulnerability Leading to Remote Code Execution
Vulnerability
A memory corruption vulnerability has been identified in the SAIL Image Decoding Library version 0.9.8, specifically within the PSD image decoding functionality. The vulnerability arises from an integer overflow that occurs when the library processes a specially crafted .psd file. The overflow happens while calculating the stride for image decoding, and it leads to a heap-based buffer overflow. Exploitation of this vulnerability can result in remote code execution. To trigger the issue, an attacker must get the library to read a file containing the maliciously crafted PSD data.
Impact
Exploitation of this vulnerability causes a heap-based buffer overflow, which can be leveraged for remote code execution.
Reproduction
The vulnerability can be reproduced by using the SAIL Image Decoding Library to decode a crafted PSD file that triggers the integer overflow. This can be done by creating a PSD file with specific header values that, when processed by the library, cause the width and depth calculations to exceed 32-bit limits, leading to the overflow and subsequent buffer overflow.
Remediation
Users are advised to update to the patched version of the SAIL Image Decoding Library, which is available on the official SAIL website.
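The stride overflow described under Vulnerability, shown next to a checked calculation. This is an added example, not SAIL's code or its patch; the function names, the 1 GiB cap and the sample header values are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed allocation ceiling for one decoded image (constructed value). */
#define MAX_IMAGE_BYTES ((uint64_t)1 << 30)

/* Weak pattern: 32-bit unsigned arithmetic wraps silently, so large header
 * values yield a small stride and an undersized row buffer. */
uint32_t stride_unchecked(uint32_t width, uint32_t channels, uint32_t depth_bits)
{
    return (width * channels * depth_bits + 7u) / 8u;
}

/* Multiply with overflow detection; returns false if a * b does not fit. */
static bool mul_u64(uint64_t a, uint64_t b, uint64_t *out)
{
    if (a != 0 && b > UINT64_MAX / a)
        return false;
    *out = a * b;
    return true;
}

/* Hardened pattern: widen, check each step, cap the total before allocating. */
bool image_size_checked(uint32_t width, uint32_t height, uint32_t channels,
                        uint32_t depth_bits, size_t *stride, size_t *total)
{
    uint64_t bits, row, all;
    if (width == 0 || height == 0 || channels == 0 || depth_bits == 0)
        return false;
    /* width * channels always fits in 64 bits for two 32-bit inputs. */
    if (!mul_u64((uint64_t)width * channels, depth_bits, &bits))
        return false;
    row = bits / 8 + (bits % 8 != 0);   /* round up without adding to bits */
    if (!mul_u64(row, height, &all) || all > MAX_IMAGE_BYTES)
        return false;
    *stride = (size_t)row;
    *total = (size_t)all;
    return true;
}

int main(void)
{
    size_t s = 0, t = 0;
    /* Constructed header values whose bit count exceeds 32 bits. */
    printf("unchecked stride: %u\n", (unsigned)stride_unchecked(0x20000001u, 4, 8));
    printf("checked accepts: %d\n", image_size_checked(0x20000001u, 1, 4, 8, &s, &t));
    return 0;
}
```

A decoder that sizes its row buffer from the unchecked result and then copies `width` pixels per row writes past the allocation, which is the heap overflow the advisory describes.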
