CVE-2025-32460

EUVD-2025-10418
GraphicsMagick before 8e56520 has a heap-based buffer over-read in ReadJXLImage in coders/jxl.c, related to an ImportViewPixelArea call.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4 MEDIUM
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
mitreCNA
4 MEDIUM
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 51%
Affected Products (NVD)
VendorProductVersion
graphicsmagickgraphicsmagick
𝑥
< 1.3.46
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
graphicsmagick
bookworm
1.4+really1.3.40-4+deb12u1
fixed
bookworm (security)
1.4+really1.3.40-4+deb12u1
fixed
bullseye
1.4+really1.3.36+hg16481-2+deb11u1
not-affected
bullseye (security)
1.4+really1.3.36+hg16481-2+deb11u1
fixed
forky
1.4+really1.3.45+hg17696-1
fixed
sid
1.4+really1.3.46-2
fixed
trixie
1.4+really1.3.45+hg17696-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
graphicsmagick
bionic
needs-triage
focal
needs-triage
jammy
needs-triage
noble
needs-triage
oracular
ignored
plucky
ignored
questing
needs-triage
trusty
needs-triage
xenial
needs-triage
Common Weakness Enumeration
References
https://foss.heptapod.net/graphicsmagick/graphicsmagick/-/commit/8e56520435df50f618a03f2721a39a70a515f1cb
https://issues.oss-fuzz.com/issues/406320404
https://tracker.debian.org/news/1636753/accepted-graphicsmagick-14really1345hg17696-1-source-into-unstable/