CVE-2025-32460

CVE-2025-32460

Name

CVE-2025-32460

Description

GraphicsMagick before 8e56520 has a heap-based buffer over-read in ReadJXLImage in coders/jxl.c, related to an ImportViewPixelArea call.

NVD Severity

low

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
	https://foss.heptapod.net/graphicsmagick/graphicsmagick/-/commit/8e56520435df50f618a03f2721a39a70a515f1cb
	https://tracker.debian.org/news/1636753/accepted-graphicsmagick-14really1345hg17696-1-source-into-unstable/
	https://issues.oss-fuzz.com/issues/406320404

Type

URI

https://foss.heptapod.net/graphicsmagick/graphicsmagick/-/commit/8e56520435df50f618a03f2721a39a70a515f1cb

https://tracker.debian.org/news/1636753/accepted-graphicsmagick-14really1345hg17696-1-source-into-unstable/

https://issues.oss-fuzz.com/issues/406320404

CPE URI	Source package	Min version	Max version
	graphicsmagick	>= 0	< 8e56520435df50f618a03f2721a39a70a515f1cb

CPE URI

Source package

Min version

Max version

graphicsmagick

>= 0

< 8e56520435df50f618a03f2721a39a70a515f1cb

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
graphicsmagick	edge-community	1.3.46-r0	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
graphicsmagick	edge-community	1.3.45-r1	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
graphicsmagick	edge-community	1.3.45-r0	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
graphicsmagick	edge-community	1.3.38-r0	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
graphicsmagick	edge-community	1.3.35-r2	None	possibly vulnerable
graphicsmagick	edge-community	1.3.35-r0	None	possibly vulnerable
graphicsmagick	edge-community	1.3.32-r0	None	possibly vulnerable
graphicsmagick	edge-community	1.3.30-r0	None	possibly vulnerable
graphicsmagick	edge-community	1.3.29-r0	None	possibly vulnerable
graphicsmagick	edge-community	1.3.28-r0	None	possibly vulnerable
graphicsmagick	edge-community	1.3.27-r0	None	possibly vulnerable
graphicsmagick	edge-community	1.3.26-r5	None	possibly vulnerable
graphicsmagick	edge-community	1.3.26-r3	None	possibly vulnerable
graphicsmagick	edge-community	1.3.26-r2	None	possibly vulnerable
graphicsmagick	edge-community	1.3.26-r0	None	possibly vulnerable
graphicsmagick	edge-community	1.3.25-r2	None	possibly vulnerable
graphicsmagick	edge-community	1.3.25-r0	None	possibly vulnerable
graphicsmagick	3.22-community	1.3.45-r0	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
graphicsmagick	3.22-community	1.3.38-r0	None	possibly vulnerable
graphicsmagick	3.22-community	1.3.35-r2	None	possibly vulnerable
graphicsmagick	3.22-community	1.3.35-r0	None	possibly vulnerable
graphicsmagick	3.22-community	1.3.32-r0	None	possibly vulnerable
graphicsmagick	3.22-community	1.3.30-r0	None	possibly vulnerable
graphicsmagick	3.22-community	1.3.29-r0	None	possibly vulnerable
graphicsmagick	3.22-community	1.3.28-r0	None	possibly vulnerable
graphicsmagick	3.22-community	1.3.27-r0	None	possibly vulnerable
graphicsmagick	3.22-community	1.3.26-r5	None	possibly vulnerable
graphicsmagick	3.22-community	1.3.26-r3	None	possibly vulnerable
graphicsmagick	3.22-community	1.3.26-r2	None	possibly vulnerable
graphicsmagick	3.22-community	1.3.26-r0	None	possibly vulnerable
graphicsmagick	3.22-community	1.3.25-r2	None	possibly vulnerable
graphicsmagick	3.22-community	1.3.25-r0	None	possibly vulnerable

Source package

Branch

Version

Maintainer

Status

graphicsmagick

edge-community

1.3.46-r0

Francesco Colista <fcolista@alpinelinux.org>

possibly vulnerable

graphicsmagick

edge-community