CVE-2025-32460

Public on 2025-04-09
Modified on 2025-04-10
Description
GraphicsMagick before 8e56520 has a heap-based buffer over-read in ReadJXLImage in coders/jxl.c, related to an ImportViewPixelArea call.
Severity
Medium severity
Medium
CVSS v3 Base Score
4.0
See breakdown

Affected Packages

Platform Package Release Date Advisory Status
HAQM Linux 1 GraphicsMagick No Fix Planned
HAQM Linux 2 - Graphicsmagick1.3 Extra GraphicsMagick Pending Fix
HAQM Linux 2023 GraphicsMagick Pending Fix

CVSS Scores

Score Type Score Vector
HAQM Linux CVSSv3 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
NVD CVSSv3 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

References

Red Hat: CVE-2025-32460 Mitre: CVE-2025-32460