CVE-2025-27795

Name
CVE-2025-27795
Description
ReadJXLImage in JXL in GraphicsMagick before 1.3.46 lacks image dimension resource limits.
NVD Severity
medium

References

| Type | URI |
|---|---|
| cve@mitre.org | http://www.graphicsmagick.org/NEWS.html |
| cve@mitre.org | https://foss.heptapod.net/graphicsmagick/graphicsmagick/-/commit/9bbae7314e3c3b19b830591010ed90bb136b9c42 |
| cve@mitre.org | https://github.com/libjxl/libjxl/issues/3792#issuecomment-2330978387 |
| cve@mitre.org | https://github.com/libjxl/libjxl/issues/3793#issuecomment-2334843280 |
| cve@mitre.org | https://issues.oss-fuzz.com/issues/42536330#comment6 |

Match rules

| CPE URI | Source package | Min version | Max version |
|---|---|---|---|
| | graphicsmagick | >= 0 | < 1.3.46 |

Vulnerable and fixed packages

| Source package | Branch | Version | Maintainer | Status |
|---|---|---|---|---|
| graphicsmagick | edge-community | 1.3.45-r1 | Francesco Colista <fcolista@alpinelinux.org> | possibly vulnerable |
| graphicsmagick | edge-community | 1.3.45-r0 | Francesco Colista <fcolista@alpinelinux.org> | possibly vulnerable |
| graphicsmagick | edge-community | 1.3.38-r0 | Francesco Colista <fcolista@alpinelinux.org> | possibly vulnerable |
| graphicsmagick | edge-community | 1.3.35-r2 | None | possibly vulnerable |
| graphicsmagick | edge-community | 1.3.35-r0 | None | possibly vulnerable |
| graphicsmagick | edge-community | 1.3.32-r0 | None | possibly vulnerable |
| graphicsmagick | edge-community | 1.3.30-r0 | None | possibly vulnerable |
| graphicsmagick | edge-community | 1.3.29-r0 | None | possibly vulnerable |
| graphicsmagick | edge-community | 1.3.28-r0 | None | possibly vulnerable |
| graphicsmagick | edge-community | 1.3.27-r0 | None | possibly vulnerable |
| graphicsmagick | edge-community | 1.3.26-r5 | None | possibly vulnerable |
| graphicsmagick | edge-community | 1.3.26-r3 | None | possibly vulnerable |
| graphicsmagick | edge-community | 1.3.26-r2 | None | possibly vulnerable |
| graphicsmagick | edge-community | 1.3.26-r0 | None | possibly vulnerable |
| graphicsmagick | edge-community | 1.3.25-r2 | None | possibly vulnerable |
| graphicsmagick | edge-community | 1.3.25-r0 | None | possibly vulnerable |
| graphicsmagick | 3.22-community | 1.3.45-r0 | Francesco Colista <fcolista@alpinelinux.org> | possibly vulnerable |
| graphicsmagick | 3.22-community | 1.3.38-r0 | None | possibly vulnerable |
| graphicsmagick | 3.22-community | 1.3.35-r2 | None | possibly vulnerable |
| graphicsmagick | 3.22-community | 1.3.35-r0 | None | possibly vulnerable |
| graphicsmagick | 3.22-community | 1.3.32-r0 | None | possibly vulnerable |
| graphicsmagick | 3.22-community | 1.3.30-r0 | None | possibly vulnerable |
| graphicsmagick | 3.22-community | 1.3.29-r0 | None | possibly vulnerable |
| graphicsmagick | 3.22-community | 1.3.28-r0 | None | possibly vulnerable |
| graphicsmagick | 3.22-community | 1.3.27-r0 | None | possibly vulnerable |
| graphicsmagick | 3.22-community | 1.3.26-r5 | None | possibly vulnerable |
| graphicsmagick | 3.22-community | 1.3.26-r3 | None | possibly vulnerable |
| graphicsmagick | 3.22-community | 1.3.26-r2 | None | possibly vulnerable |
| graphicsmagick | 3.22-community | 1.3.26-r0 | None | possibly vulnerable |
| graphicsmagick | 3.22-community | 1.3.25-r2 | None | possibly vulnerable |
| graphicsmagick | 3.22-community | 1.3.25-r0 | None | possibly vulnerable |