CVE-2025-32460

GraphicsMagick before 8e56520 has a heap-based buffer over-read in ReadJXLImage in coders/jxl.c, related to an ImportViewPixelArea call.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4 MEDIUM
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
mitreCNA
4 MEDIUM
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CISA-ADPADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 4%
Debian logo
Debian Releases
Debian Product
Codename
graphicsmagick
bullseye (security)
1.4+really1.3.36+hg16481-2+deb11u1
fixed
bullseye
1.4+really1.3.36+hg16481-2+deb11u1
not-affected
bookworm
1.4+really1.3.40-4+deb12u1
fixed
bookworm (security)
1.4+really1.3.40-4+deb12u1
fixed
sid
1.4+really1.3.45+hg17696-1
fixed
trixie
1.4+really1.3.45+hg17696-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
graphicsmagick
plucky
needs-triage
oracular
needs-triage
noble
needs-triage
jammy
needs-triage
focal
needs-triage
bionic
needs-triage
xenial
needs-triage
trusty
needs-triage
Common Weakness Enumeration
References
https://foss.heptapod.net/graphicsmagick/graphicsmagick/-/commit/8e56520435df50f618a03f2721a39a70a515f1cb
https://issues.oss-fuzz.com/issues/406320404
https://tracker.debian.org/news/1636753/accepted-graphicsmagick-14really1345hg17696-1-source-into-unstable/