CVE-2025-32460

NVD

https://nvd.nist.gov/vuln/detail/CVE-2025-32460

Severity

Unknown

Eliminate CVEs with Chainguard hardened images

Build, ship, and run secure software with minimal, hardened container images — rebuilt from source daily and guarded under our industry-leading remediation SLA.

Start for free

Description

GraphicsMagick before 8e56520 has a heap-based buffer over-read in ReadJXLImage in coders/jxl.c, related to an ImportViewPixelArea call.

References

https://nvd.nist.gov/vuln/detail/CVE-2025-32460
https://github.com/advisories/GHSA-hf7q-qx98-4hm7
https://foss.heptapod.net/graphicsmagick/graphicsmagick/-/commit/8e56520435df50f618a03f2721a39a70a515f1cb
https://issues.oss-fuzz.com/issues/406320404
https://tracker.debian.org/news/1636753/accepted-graphicsmagick-14really1345hg17696-1-source-into-unstable/

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

The trusted source for open source

Talk to an expert

Privacy

Terms

CVE-2025-32460

Severity

Description

References

Affected packages

The trusted source for open source

Product

Solutions

Customers

Resources

Company