{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T03:51:19.859","vulnerabilities":[{"cve":{"id":"CVE-2025-52456","sourceIdentifier":"talos-cna@cisco.com","published":"2025-08-25T15:15:40.410","lastModified":"2025-11-03T19:16:07.243","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A memory corruption vulnerability exists in the WebP Image Decoding functionality of the SAIL Image Decoding Library v0.9.8. When loading a specially crafted .webp animation an integer overflow can be made to occur when calculating the stride for decoding. Afterwards, this will cause a heap-based buffer to overflow when decoding the image which can lead to remote code execution. An attacker will need to convince the library to read a file to trigger this vulnerability."},{"lang":"es","value":"Existe una vulnerabilidad de corrupción de memoria en la función WebP Image Decoding de SAIL Image Decoding Library v0.9.8. Al cargar una animación .webp especialmente manipulada, se puede producir un desbordamiento de enteros al calcular el paso de decodificación. Esto provoca un desbordamiento del búfer del montón al decodificar la imagen, lo que puede provocar la ejecución remota de código. Un atacante deberá convencer a la librería para que lea un archivo para activar esta vulnerabilidad."}],"metrics":{"cvssMetricV31":[{"source":"talos-cna@cisco.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"talos-cna@cisco.com","type":"Secondary","description":[{"lang":"en","value":"CWE-680"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:sail:sail:0.9.8:*:*:*:*:*:*:*","matchCriteriaId":"BDFCF91A-2A3D-45C6-A8C3-DD90A646BDAA"}]}]}],"references":[{"url":"https://talosintelligence.com/vulnerability_reports/TALOS-2025-2224","source":"talos-cna@cisco.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2224","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}