GraphicsMagick before 8e56520 has a heap-based buffer over-read in
ReadJXLImage in coders/jxl.c, related to an ImportViewPixelArea call.
(CVE-2025-32460)
- https://bugs.mageia.org/show_bug.cgi?id=34218
-
- https://lists.debian.org/debian-security-announce/2025/msg00067.html
- https://lists.suse.com/pipermail/sle-updates/2025-April/039065.html
- https://www.cve.org/CVERecord?id=CVE-2025-32460
- 9/core/graphicsmagick-1.3.40-1.2.mga9
- 9/tainted/graphicsmagick-1.3.40-1.2.mga9.tainted
Get the latest Linux and open source security news straight to your inbox.