CVE-2025-32460
Public on 2025-04-09
Modified on 2025-04-10
Description
GraphicsMagick before 8e56520 has a heap-based buffer over-read in ReadJXLImage in coders/jxl.c, related to an ImportViewPixelArea call.
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| Amazon Linux 1 | GraphicsMagick | No Fix Planned | ||
| Amazon Linux 2 - Graphicsmagick1.3 Extra | GraphicsMagick | 2025-09-29 | ALAS2GRAPHICSMAGICK1.3-2025-004 | Fixed |
| Amazon Linux 2023 | GraphicsMagick | 2025-09-29 | ALAS2023-2025-1201 | Fixed |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| Amazon Linux | CVSSv3 | 4.0 | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
| NVD | CVSSv3 | 4.0 | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |