CVE-2025-35984

Multiple Products (utilizing the SAIL Image Decoding Library)

Executive summary

A high-severity memory corruption vulnerability, identified as CVE-2025-35984, has been discovered in the SAIL Image Decoding Library. This flaw can be triggered when a vulnerable application processes a specially crafted PCX image file, potentially allowing an attacker to execute arbitrary code and gain control of the affected system. Organizations using software that incorporates this library are at significant risk of system compromise, data breaches, and service disruption.

Vulnerability

This vulnerability is a memory corruption flaw within the library's function for decoding PCX image files. An attacker can create a malicious PCX image file that, when opened or processed by an application using the vulnerable library, triggers an out-of-bounds write or a similar memory error. Successful exploitation could corrupt the application's memory, leading to a crash (Denial of Service) or, more critically, allowing the attacker to execute arbitrary code with the same privileges as the application.

Business impact

This vulnerability is rated as High severity with a CVSS score of 8.8. Exploitation could lead to a complete compromise of the system running the affected software. The business impact is significant, potentially resulting in unauthorized access to sensitive data, theft of intellectual property, installation of ransomware, or the use of the compromised system to launch further attacks against the internal network. Such an incident could cause severe operational disruptions, financial losses, and reputational damage.

Remediation

Immediate Action: Identify all systems and applications that utilize the vulnerable SAIL library and apply the security updates provided by the vendor immediately. Prioritize patching for internet-facing systems and critical assets. After patching, monitor for any signs of exploitation attempts and review application and system logs for unusual activity preceding the patch deployment.

Proactive Monitoring: Implement enhanced monitoring on systems running affected software. Look for signs of compromise, such as applications crashing unexpectedly when processing images, unusual child processes being spawned by image-handling applications, or unexpected outbound network connections from these systems. Configure security information and event management (SIEM) systems to alert on these specific patterns.

Compensating Controls: If immediate patching is not feasible, implement the following compensating controls to reduce the risk of exploitation:

  • Restrict File Types: If possible, block the uploading or processing of PCX image files at the network perimeter, on email gateways, and within applications.
  • Application Sandboxing: Run vulnerable applications in a sandboxed or containerized environment to limit the potential impact of a successful exploit and prevent it from affecting the underlying operating system.
  • Network Segmentation: Isolate systems running the vulnerable software from critical network segments to contain any potential breach.
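
One way to apply the "Restrict File Types" control inside an application or gateway is to reject PCX files by content as well as by extension, so a renamed file is still caught. The following is an added example, not code from this advisory or from the SAIL project; the function names and the sample header bytes are constructed for illustration, and the header offsets follow the publicly documented ZSoft PCX layout.

```python
import struct

PCX_MANUFACTURER = 0x0A          # byte 0 of every PCX file (ZSoft)
PCX_VERSIONS = {0, 2, 3, 4, 5}   # byte 1: PC Paintbrush version values
PCX_ENCODINGS = {0, 1}           # byte 2: 0 = uncompressed, 1 = RLE


def looks_like_pcx(data: bytes) -> bool:
    """Content-based check on the leading bytes; the file name is ignored.

    Deliberately loose: a blocklist that validates more header fields than
    a decoder does can be sidestepped by a malformed header.
    """
    return (
        len(data) >= 3
        and data[0] == PCX_MANUFACTURER
        and data[1] in PCX_VERSIONS
        and data[2] in PCX_ENCODINGS
    )


def upload_decision(filename: str, data: bytes) -> str:
    """Hypothetical gate: block PCX by extension or by content."""
    if filename.lower().endswith(".pcx"):
        return "block:extension"
    if looks_like_pcx(data):
        return "block:content"
    return "allow"


def make_sample_pcx_header() -> bytes:
    """Constructed 128-byte header: 16x16, 8 bits per pixel, one plane."""
    hdr = bytearray(128)
    hdr[0:4] = bytes([PCX_MANUFACTURER, 5, 1, 8])
    struct.pack_into("<4H", hdr, 4, 0, 0, 15, 15)  # xmin, ymin, xmax, ymax
    hdr[65] = 1                                     # colour planes
    struct.pack_into("<H", hdr, 66, 16)             # bytes per scan line
    return bytes(hdr)


if __name__ == "__main__":
    png = b"\x89PNG\r\n\x1a\n" + bytes(32)          # constructed non-PCX input
    for name, blob in [("scan.pcx", b""), ("holiday.png", make_sample_pcx_header()),
                       ("logo.png", png), ("notes.txt", b"\nhello\n")]:
        print(f"{name:12s} -> {upload_decision(name, blob)}")
```

Logging the `block:content` case separately from `block:extension` gives the monitoring team a signal for PCX data arriving under a different file name.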

Exploitation status

Public Exploit Available: false

Analyst recommendation

Given the high CVSS score of 8.8 and the potential for remote code execution, this vulnerability poses a critical risk to the organization. Although it is not currently listed on the CISA KEV list and no active exploitation has been observed, its severity demands immediate attention. We strongly recommend that all system owners identify affected assets and apply the vendor-supplied patches on an emergency basis. If patching is delayed, the compensating controls listed above must be implemented without delay to mitigate the risk of a system compromise.