CVE-2025-27795 - Vulnerability Details

ReadJXLImage in JXL in GraphicsMagick before 1.3.46 lacks image dimension resource limits.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

No data.

References

Link	Providers
http://www.graphicsmagick.org/NEWS.html
https://foss.heptapod.net/graphicsmagick/graphicsmagick/-/commit/9bbae7314e3c3b19b830591010ed90bb136b9c42
https://github.com/libjxl/libjxl/issues/3792#issuecomment-2330978387
https://github.com/libjxl/libjxl/issues/3793#issuecomment-2334843280
https://issues.oss-fuzz.com/issues/42536330#comment6

History

Fri, 07 Mar 2025 20:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Fri, 07 Mar 2025 16:15:00 +0000

Type	Values Removed	Values Added
Description	JXL in GraphicsMagick before 1.3.46 lacks image dimension resource limits.	ReadJXLImage in JXL in GraphicsMagick before 1.3.46 lacks image dimension resource limits.
References		https://github.com/libjxl/libjxl/issues/3792#issuecomment-2330978387 https://github.com/libjxl/libjxl/issues/3793#issuecomment-2334843280 https://issues.oss-fuzz.com/issues/42536330#comment6

Fri, 07 Mar 2025 16:00:00 +0000

Type	Values Removed	Values Added
References		https://foss.heptapod.net/graphicsmagick/graphicsmagick/-/commit/9bbae7314e3c3b19b830591010ed90bb136b9c42

Fri, 07 Mar 2025 06:00:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-770
Metrics		cvssV3_1 `{'score': 4.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L'}`

Fri, 07 Mar 2025 05:45:00 +0000

Type	Values Removed	Values Added
Description		JXL in GraphicsMagick before 1.3.46 lacks image dimension resource limits.
References		http://www.graphicsmagick.org/NEWS.html

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2025-03-07T00:00:00.000Z

Updated: 2025-03-07T19:37:31.065Z

Reserved: 2025-03-07T00:00:00.000Z

Link: CVE-2025-27795

Vulnrichment

Updated: 2025-03-07T19:37:27.893Z

NVD

Status : Received

Published: 2025-03-07T06:15:33.273

Modified: 2025-03-07T16:15:40.187

Link: CVE-2025-27795

Redhat

No data.

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object