Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-27796

ReadWPGImage in WPG in GraphicsMagick before 1.3.46 mishandles palette buffer allocation, resulting in out-of-bounds access to heap memory in ReadBlob.

Published

2025-03-07T06:15:35.620

Last Modified

2026-01-29T20:56:31.340

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 4.5 (MEDIUM)

Weaknesses

Type: Secondary
CWE-908

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	graphicsmagick	graphicsmagick	< 1.3.46	Yes

References

http://www.graphicsmagick.org/NEWS.html Release Notes ([email protected])
https://foss.heptapod.net/graphicsmagick/graphicsmagick/-/commit/883ebf8cae6dfa5873d975fe3476b1a188ef3f9f Patch ([email protected])
https://sourceforge.net/p/graphicsmagick/bugs/750/ Permissions Required ([email protected])