CVE-2025-27795

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-27795
ReadJXLImage in JXL in GraphicsMagick before 1.3.46 lacks image dimension resource limits.

4.3 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.5 / Impact : 1.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope CHANGED

References
Link Resource
http://www.graphicsmagick.org/NEWS.html
https://foss.heptapod.net/graphicsmagick/graphicsmagick/-/commit/9bbae7314e3c3b19b830591010ed90bb136b9c42
https://github.com/libjxl/libjxl/issues/3792#issuecomment-2330978387
https://github.com/libjxl/libjxl/issues/3793#issuecomment-2334843280
https://issues.oss-fuzz.com/issues/42536330#comment6
Configurations

No configuration.

History

07 Mar 2025, 16:15

Type Values Removed Values Added
Summary (en) JXL in GraphicsMagick before 1.3.46 lacks image dimension resource limits. (en) ReadJXLImage in JXL in GraphicsMagick before 1.3.46 lacks image dimension resource limits.
References
  • () https://foss.heptapod.net/graphicsmagick/graphicsmagick/-/commit/9bbae7314e3c3b19b830591010ed90bb136b9c42 -
  • () https://github.com/libjxl/libjxl/issues/3792#issuecomment-2330978387 -
  • () https://github.com/libjxl/libjxl/issues/3793#issuecomment-2334843280 -
  • () https://issues.oss-fuzz.com/issues/42536330#comment6 -

07 Mar 2025, 06:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-03-07 06:15

Updated : 2025-03-07 16:15

NVD link : CVE-2025-27795

Mitre link : CVE-2025-27795

CVE.ORG link : CVE-2025-27795

JSON object : View

Products Affected

No product.

CWE
CWE-770

Allocation of Resources Without Limits or Throttling