CVE-2025-27796

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-27796
ReadWPGImage in WPG in GraphicsMagick before 1.3.46 mishandles palette buffer allocation, resulting in out-of-bounds access to heap memory in ReadBlob.

4.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.4 / Impact : 2.7

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact LOW

Scope CHANGED

References
Link Resource
http://www.graphicsmagick.org/NEWS.html Release Notes
https://foss.heptapod.net/graphicsmagick/graphicsmagick/-/commit/883ebf8cae6dfa5873d975fe3476b1a188ef3f9f Patch
https://sourceforge.net/p/graphicsmagick/bugs/750/ Permissions Required
Configurations

Configuration 1 (hide)

cpe:2.3:a:graphicsmagick:graphicsmagick:*:*:*:*:*:*:*:*
History

29 Jan 2026, 20:56

Type Values Removed Values Added
References () http://www.graphicsmagick.org/NEWS.html - () http://www.graphicsmagick.org/NEWS.html - Release Notes
References () https://foss.heptapod.net/graphicsmagick/graphicsmagick/-/commit/883ebf8cae6dfa5873d975fe3476b1a188ef3f9f - () https://foss.heptapod.net/graphicsmagick/graphicsmagick/-/commit/883ebf8cae6dfa5873d975fe3476b1a188ef3f9f - Patch
References () https://sourceforge.net/p/graphicsmagick/bugs/750/ - () https://sourceforge.net/p/graphicsmagick/bugs/750/ - Permissions Required
First Time Graphicsmagick graphicsmagick
Graphicsmagick
CPE cpe:2.3:a:graphicsmagick:graphicsmagick:*:*:*:*:*:*:*:*
Summary
  • (es) ReadWPGImage en WPG en GraphicsMagick anterior a 1.3.46 gestiona incorrectamente la asignación del búfer de paleta, lo que resulta en un acceso fuera de los límites a la memoria del montón en ReadBlob.

07 Mar 2025, 22:15

Type Values Removed Values Added
Summary (en) WPG in GraphicsMagick before 1.3.46 mishandles palette buffer allocation, resulting in out-of-bounds access to heap memory in ReadBlob. (en) ReadWPGImage in WPG in GraphicsMagick before 1.3.46 mishandles palette buffer allocation, resulting in out-of-bounds access to heap memory in ReadBlob.

07 Mar 2025, 16:15

Type Values Removed Values Added
References
  • () https://foss.heptapod.net/graphicsmagick/graphicsmagick/-/commit/883ebf8cae6dfa5873d975fe3476b1a188ef3f9f -
Summary (en) WPG in GraphicsMagick before 1.3.46 mishandles palette buffer allocation. (en) WPG in GraphicsMagick before 1.3.46 mishandles palette buffer allocation, resulting in out-of-bounds access to heap memory in ReadBlob.

07 Mar 2025, 06:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-03-07 06:15

Updated : 2026-01-29 20:56

NVD link : CVE-2025-27796

Mitre link : CVE-2025-27796

CVE.ORG link : CVE-2025-27796

JSON object : View

Products Affected

graphicsmagick

  • graphicsmagick
CWE
CWE-908

Use of Uninitialized Resource