CVE-2025-27796 Affecting graphicsmagick package, versions *

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk IDSNYK-DEBIANUNSTABLE-GRAPHICSMAGICK-9366316
published8 Mar 2025
disclosed7 Mar 2025

Report a new vulnerability Found a mistake?

Introduced: 7 Mar 2025

NewCVE-2025-27796 (opens in a new tab)

How to fix?

There is no fixed version for Debian:unstable graphicsmagick.

NVD Description

Note: Versions mentioned in the description apply only to the upstream graphicsmagick package and not the graphicsmagick package as distributed by Debian. See How to fix? for Debian:unstable relevant fixed versions and status.

ReadWPGImage in WPG in GraphicsMagick before 1.3.46 mishandles palette buffer allocation, resulting in out-of-bounds access to heap memory in ReadBlob.

References

https://security-tracker.debian.org/tracker/CVE-2025-27796
http://www.graphicsmagick.org/NEWS.html
https://sourceforge.net/p/graphicsmagick/bugs/750/
https://foss.heptapod.net/graphicsmagick/graphicsmagick/-/commit/883ebf8cae6dfa5873d975fe3476b1a188ef3f9f