CVE-2025-27795: High severity GraphicsMagick Graphicsmagick vulnerability
Published Mar 7, 2025
Last updated 14 April 2025
Other sources
ReadJXLImage in JXL in GraphicsMagick before 1.3.46 lacks image dimension resource limits.
— NVD
Affected Software
3 affected components. Fixes available.
GraphicsMagick Graphicsmagick < 1.3.46
debian/graphicsmagick <= 1.4+really1.3.40-4
1.4+really1.3.36+hg16481-2+deb11u1, 1.4+really1.3.40-4+deb12u1, 1.4+really1.3.45+hg17696-1
GraphicsMagick Graphicsmagick < 1.3.46
Remediation
Event History
Mar 7, 2025
CVE Published (via MITRE, 12:00 AM)
Data Sourced (via MITRE, 12:00 AM): Description, Severity, Weakness
Data Sourced (via NVD, 06:15 AM): Description, Severity, Weakness
Data Sourced (via NVD, 06:15 AM): Remedy, Affected Software
Apr 14, 2025
Data Sourced (via Ubuntu, 05:42 AM): Remedy, Description, Severity, Affected Software
Frequently Asked Questions
1. What is the severity of CVE-2025-27795?
CVE-2025-27795 is considered a high-severity vulnerability due to the potential for resource exhaustion attacks.
2. How do I fix CVE-2025-27795?
To fix CVE-2025-27795, upgrade GraphicsMagick to version 1.3.46 or later.
3. What systems are affected by CVE-2025-27795?
CVE-2025-27795 affects versions of GraphicsMagick prior to 1.3.46.
4. What type of attack does CVE-2025-27795 enable?
CVE-2025-27795 enables denial-of-service attacks due to the lack of resource limits on image dimensions.
5. Is there a workaround for CVE-2025-27795?
Currently, there are no known workarounds for CVE-2025-27795; updating to the latest version is the only solution.