CVE-2025-27795 Affecting graphicsmagick package, versions *
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk IDSNYK-DEBIANUNSTABLE-GRAPHICSMAGICK-9366312
- published8 Mar 2025
- disclosed7 Mar 2025
Introduced: 7 Mar 2025
NewCVE-2025-27795 (opens in a new tab)Common Vulnerabilities and Exposures (CVE) are common identifiers for publicly known security vulnerabilities
How to fix?
There is no fixed version for Debian:unstable graphicsmagick.
NVD Description
Note: Versions mentioned in the description apply only to the upstream graphicsmagick package and not the graphicsmagick package as distributed by Debian.
See How to fix? for Debian:unstable relevant fixed versions and status.
ReadJXLImage in JXL in GraphicsMagick before 1.3.46 lacks image dimension resource limits.
References
- https://security-tracker.debian.org/tracker/CVE-2025-27795
- http://www.graphicsmagick.org/NEWS.html
- https://foss.heptapod.net/graphicsmagick/graphicsmagick/-/commit/9bbae7314e3c3b19b830591010ed90bb136b9c42
- https://github.com/libjxl/libjxl/issues/3792#issuecomment-2330978387
- https://github.com/libjxl/libjxl/issues/3793#issuecomment-2334843280
- https://issues.oss-fuzz.com/issues/42536330#comment6