CVE Alert: CVE-2025-53085 – SAIL Image Decoding Library
CVE-2025-53085
A memory corruption vulnerability exists in the PSD RLE Decoding functionality of the SAIL Image Decoding Library v0.9.8. When decompressing the image data from a specially crafted .psd file, a heap-based buffer overflow can occur which allows for remote code execution. An attacker will need to convince the library to read a file to trigger this vulnerability.
AI Summary Analysis
Risk verdict
High risk of remote code execution via crafted PSD data; PoC exists and exploitation requires user interaction, so patching should be prioritised when available.
Why this matters
A heap-based buffer overflow in PSD RLE decoding can give an attacker full control of the host process, affecting confidentiality, integrity and availability. In practice, any service or app that decodes PSD files (especially in image editors, asset pipelines or web services) could be compromised, enabling code execution, data exposure or service disruption.
Most likely attack path
An attacker delivers or hosts a specially crafted PSD; the victim opens or processes the image with the vulnerable library. The library’s RLE decoding then overflows a heap buffer, enabling arbitrary code execution with the privileges of the decoding process. The network attack vector plus user interaction indicates remote delivery via user action, with preconditions limited to processing the image file.
Who is most exposed
Apps and services that bundle the SAIL Image Decoding Library to handle PSDs, on desktops, servers or embedded platforms, are most at risk—especially those exposed to untrusted image uploads or mail attachments.
Detection ideas
- Crashes or hangs during PSD decoding, with heap corruption signatures in memory dumps.
- Unusual memory growth or instability in the image-decoding component.
- Logs showing failures or exceptions specifically during PSD RLE processing.
- Known PoC patterns or library-version mismatches in asset pipelines.
- Anomalous network/file events where PSDs are delivered to decoding services.
Mitigation and prioritisation
- Apply vendor patch or upgrade to a non-affected version as soon as available.
- Run decoding in a sandboxed or restricted user context; enable least-privilege execution.
- If feasible, disable or limit PSD decoding capabilities in untrusted channels; add input validation and content filtering.
- Ensure asset ingestion pipelines are monitored for decoding errors and memory anomalies.
- Coordinate change with patch testing and deployment windows; treat as priority if KEV/EPSS indicators become available.
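The class of bug described above comes down to a run-length decoder trusting run lengths taken from the file. PSD's RLE compression is the PackBits scheme, and the sketch below shows the bounds checks a PackBits row decoder needs on both the input and output side. It is an added example, not SAIL's code or the vendor fix; the function name `packbits_decode_row` and the sample bytes are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: decode one PackBits row into dst without ever
 * writing past dst_len or reading past src_len.
 * Returns 0 when the row is filled, -1 on truncated or oversized input. */
int packbits_decode_row(const uint8_t *src, size_t src_len,
                        uint8_t *dst, size_t dst_len)
{
    size_t in = 0, out = 0;

    while (out < dst_len) {
        if (in >= src_len)
            return -1;                    /* ran out of compressed data */
        uint8_t c = src[in++];
        if (c == 128)
            continue;                     /* control value -128 is a no-op */

        if (c < 128) {                    /* literal run: copy c + 1 bytes */
            size_t count = (size_t)c + 1;
            if (count > src_len - in || count > dst_len - out)
                return -1;                /* run exceeds input or row buffer */
            memcpy(dst + out, src + in, count);
            in += count;
            out += count;
        } else {                          /* repeat run: next byte, 257 - c times */
            size_t count = 257u - c;
            if (in >= src_len || count > dst_len - out)
                return -1;                /* run exceeds input or row buffer */
            memset(dst + out, src[in++], count);
            out += count;
        }
    }
    return 0;
}

int main(void)
{
    /* Constructed sample: 3 x 0xAA, then literals 0x80 0x00 0x2A. */
    const uint8_t row[] = { 0xFE, 0xAA, 0x02, 0x80, 0x00, 0x2A };
    uint8_t out[6];

    printf("6-byte row: %d\n", packbits_decode_row(row, sizeof row, out, 6));
    printf("4-byte row: %d\n", packbits_decode_row(row, sizeof row, out, 4));
    return 0;
}
```

The second call is rejected because the literal run would write past the 4-byte row; a decoder without the `dst_len - out` comparison would perform that write on the heap.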