CVE-2025-27795

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-27795
ReadJXLImage in JXL in GraphicsMagick before 1.3.46 lacks image dimension resource limits.

4.3 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.5 / Impact : 1.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope CHANGED

References
Link Resource
http://www.graphicsmagick.org/NEWS.html Release Notes
https://foss.heptapod.net/graphicsmagick/graphicsmagick/-/commit/9bbae7314e3c3b19b830591010ed90bb136b9c42 Patch
https://github.com/libjxl/libjxl/issues/3792#issuecomment-2330978387 Issue Tracking
https://github.com/libjxl/libjxl/issues/3793#issuecomment-2334843280 Issue Tracking
https://issues.oss-fuzz.com/issues/42536330#comment6 Issue Tracking
Configurations

Configuration 1 (hide)

cpe:2.3:a:graphicsmagick:graphicsmagick:*:*:*:*:*:*:*:*
History

No history.

Information

Published : 2025-03-07 06:15

Updated : 2026-01-29 21:08

NVD link : CVE-2025-27795

Mitre link : CVE-2025-27795

CVE.ORG link : CVE-2025-27795

JSON object : View

Products Affected

graphicsmagick

  • graphicsmagick
CWE
CWE-770

Allocation of Resources Without Limits or Throttling