CVE-2025-27795

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-27795
ReadJXLImage in JXL in GraphicsMagick before 1.3.46 lacks image dimension resource limits.

4.3 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.5 / Impact : 1.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope CHANGED

References
Link Resource
http://www.graphicsmagick.org/NEWS.html
https://foss.heptapod.net/graphicsmagick/graphicsmagick/-/commit/9bbae7314e3c3b19b830591010ed90bb136b9c42
https://github.com/libjxl/libjxl/issues/3792#issuecomment-2330978387
https://github.com/libjxl/libjxl/issues/3793#issuecomment-2334843280
https://issues.oss-fuzz.com/issues/42536330#comment6
Configurations

No configuration.

History

07 Mar 2025, 16:15

Type Values Removed Values Added
References
  • () https://foss.heptapod.net/graphicsmagick/graphicsmagick/-/commit/9bbae7314e3c3b19b830591010ed90bb136b9c42 -
  • () https://github.com/libjxl/libjxl/issues/3792#issuecomment-2330978387 -
  • () https://github.com/libjxl/libjxl/issues/3793#issuecomment-2334843280 -
  • () https://issues.oss-fuzz.com/issues/42536330#comment6 -
Summary (en) JXL in GraphicsMagick before 1.3.46 lacks image dimension resource limits. (en) ReadJXLImage in JXL in GraphicsMagick before 1.3.46 lacks image dimension resource limits.

07 Mar 2025, 06:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-03-07 06:15

Updated : 2025-03-07 16:15

NVD link : CVE-2025-27795

Mitre link : CVE-2025-27795

CVE.ORG link : CVE-2025-27795

JSON object : View

Products Affected

No product.

CWE
CWE-770

Allocation of Resources Without Limits or Throttling