CVE-2025-27796
Published: 07 March 2025
Summary
CVE-2025-27796 is a medium-severity vulnerability in GraphicsMagick, classified by NVD as Use of Uninitialized Resource (CWE-908). The underlying fault is a mishandled palette buffer allocation in the WPG image reader (ReadWPGImage) that leads to out-of-bounds access to heap memory in ReadBlob. Its CVSS v3.1 base score is 4.5 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004). It ranks at the 20.0th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-10 (Information Input Validation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- SI-2 (Flaw Remediation): directly remediates the vulnerability by requiring timely patching of GraphicsMagick to version 1.3.46 or later, which fixes the palette buffer allocation flaw in ReadWPGImage.
- SI-16 (Memory Protection): memory protection mechanisms such as ASLR and DEP raise the cost of turning the heap out-of-bounds access reached through ReadBlob into anything beyond a crash; they do not prevent the out-of-bounds access itself or the resulting denial of service.
- SI-10 (Information Input Validation): validate untrusted WPG image inputs and reject malformed palette data (entry counts or start indices that exceed the allocated colormap, or records shorter than they claim) before it reaches the decoder that sizes and fills the palette buffer.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability enables a limited denial of service through heap corruption (T1499.004, Application or System Exploitation) and limited stored data manipulation through integrity violations (T1565.001, Stored Data Manipulation) when GraphicsMagick processes a crafted WPG file supplied locally.
NVD Description
ReadWPGImage in WPG in GraphicsMagick before 1.3.46 mishandles palette buffer allocation, resulting in out-of-bounds access to heap memory in ReadBlob.
Deeper analysis
CVE-2025-27796 is a heap-based out-of-bounds access in the ReadWPGImage function of GraphicsMagick's WPG image coder, affecting versions prior to 1.3.46. The palette buffer is allocated from one piece of header information while the palette data is read according to another, so the reads issued through ReadBlob land outside the allocated heap buffer. NVD classifies the flaw as CWE-908 and assigns a CVSS v3.1 base score of 4.5 (AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:L): local attack vector, high attack complexity, no privileges or user interaction required, changed scope, and low impact on integrity and availability with no impact on confidentiality.
An attacker exploits the flaw by getting a specially crafted WPG image file processed by GraphicsMagick. The AV:L rating reflects the file-parsing attack model; in practice any pipeline that feeds untrusted images to gm (for example a server-side upload converter) is handing attacker-controlled files to this code path. No privileges are required, but the CVSS vector rates the attack as high complexity to trigger the out-of-bounds heap access reliably. Successful exploitation could cause limited integrity violations, such as unexpected modification of application data, and a limited denial of service through heap corruption; confidentiality is unaffected.
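The following C program is an added illustration of the bug class described in the analysis above and of the input-validation control listed under SI-10; it is not GraphicsMagick's ReadWPGImage code. It models a WPG-style palette record (a 16-bit little-endian start index, a 16-bit entry count, then RGB triples; this layout and the 1 << bits_per_pixel colormap sizing are assumptions for the model) and shows the unchecked pattern, where the loop bound comes from the record while the buffer was sized from the header, beside a hardened reader that bounds every index against the allocation and checks the record length before any heap write. All sample records are constructed inline.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed model of a WPG-style palette record: a 16-bit little-endian start
 * index, a 16-bit entry count, then one RGB triple per entry. This is an added
 * illustration of the bug class, not GraphicsMagick's ReadWPGImage code. */
typedef struct { uint8_t r, g, b; } rgb_t;

/* Minimal in-memory blob with a ReadBlob-like read that returns the bytes it
 * actually delivered, so truncated input is visible to the caller. */
typedef struct { const uint8_t *data; size_t len; size_t pos; } blob_t;

static size_t blob_read(blob_t *b, void *out, size_t n) {
    size_t avail = b->len - b->pos;
    if (n > avail) n = avail;
    memcpy(out, b->data + b->pos, n);
    b->pos += n;
    return n;
}

static int read_u16le(blob_t *b, uint16_t *v) {
    uint8_t t[2];
    if (blob_read(b, t, 2) != 2) return -1;
    *v = (uint16_t)(t[0] | (t[1] << 8));
    return 0;
}

/* Colormap size derived from the image header (assumption for this model:
 * indexed bitmaps get 1 << bits_per_pixel slots, capped at 256). */
static size_t colormap_slots(unsigned bpp) {
    return bpp >= 8 ? 256u : ((size_t)1u << bpp);
}

/* Unchecked pattern, shown only for contrast: the loop bound and the write
 * index come from the record, but the buffer was sized from the header, so a
 * crafted start/count writes past the heap allocation. Never use this. */
static int read_palette_unchecked(blob_t *b, rgb_t *cmap) {
    uint16_t start, count;
    if (read_u16le(b, &start) || read_u16le(b, &count)) return -1;
    for (size_t i = 0; i < count; i++) {
        uint8_t px[3];
        if (blob_read(b, px, 3) != 3) return -1;
        cmap[start + i] = (rgb_t){ px[0], px[1], px[2] };  /* heap OOB write */
    }
    return 0;
}

/* Hardened reader: bound start+count against the allocation and require the
 * record to carry the bytes it claims before any heap write.
 * Returns 0 on success, -1 for truncated input, -2 for an out-of-range palette. */
static int read_palette_checked(blob_t *b, rgb_t *cmap, size_t slots) {
    uint16_t start, count;
    if (read_u16le(b, &start) || read_u16le(b, &count)) return -1;
    if ((size_t)start + (size_t)count > slots) return -2;   /* would overrun cmap */
    if ((size_t)count * 3 > b->len - b->pos) return -1;     /* record shorter than claimed */
    for (size_t i = 0; i < count; i++) {
        uint8_t px[3];
        if (blob_read(b, px, 3) != 3) return -1;
        cmap[start + i] = (rgb_t){ px[0], px[1], px[2] };
    }
    return 0;
}

/* Allocate a colormap the way a decoder would (from bpp), parse one palette
 * record with the checked reader, and hand back the status plus first entry. */
int demo_parse(const uint8_t *rec, size_t len, unsigned bpp, rgb_t *first) {
    size_t slots = colormap_slots(bpp);
    rgb_t *cmap = calloc(slots, sizeof *cmap);
    if (!cmap) return -3;
    blob_t b = { rec, len, 0 };
    int rc = read_palette_checked(&b, cmap, slots);
    if (rc == 0 && first) *first = cmap[0];
    free(cmap);
    return rc;
}

/* Constructed sample records (not taken from any real WPG file). */
static const uint8_t kGoodPalette[] = { 0,0, 4,0, 255,0,0, 0,255,0, 0,0,255, 255,255,255 };
static const uint8_t kOobCount[]    = { 0,0, 0x2C,0x01 };          /* count 300 > 256 slots */
static const uint8_t kHighStart[]   = { 0xFA,0, 10,0 };            /* start 250 + 10 > 256 */
static const uint8_t kTruncated[]   = { 0,0, 4,0, 1,2,3, 4,5,6 };  /* claims 4 entries, carries 2 */

int main(void) {
    rgb_t c = { 0, 0, 0 };
    printf("good:       %d (first entry r=%u)\n",
           demo_parse(kGoodPalette, sizeof kGoodPalette, 2, &c), c.r);
    printf("oob count:  %d\n", demo_parse(kOobCount, sizeof kOobCount, 8, NULL));
    printf("high start: %d\n", demo_parse(kHighStart, sizeof kHighStart, 8, NULL));
    printf("truncated:  %d\n", demo_parse(kTruncated, sizeof kTruncated, 2, NULL));
    /* The unchecked reader is only ever run here on the benign record. */
    rgb_t safe[4];
    blob_t b = { kGoodPalette, sizeof kGoodPalette, 0 };
    printf("unchecked on benign input: %d\n", read_palette_unchecked(&b, safe));
    return 0;
}
```

The two readers differ only in the two checks before the loop, which is the shape such fixes usually take: the allocation size and the data length must be reconciled before the first write, and a short record must fail cleanly rather than leave entries uninitialized.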
GraphicsMagick advisories recommend updating to version 1.3.46 or later, where the issue is addressed by commit 883ebf8cae6dfa5873d975fe3476b1a188ef3f9f. The GraphicsMagick NEWS page documents the fix, and the vulnerability traces back to bug report #750 on SourceForge, which confirms that the patch resolves the palette buffer mishandling in ReadWPGImage.
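A fleet check for the SI-2 remediation above, as an added example that is not GraphicsMagick's own tooling: it compares an installed version against the fixed release 1.3.46. It assumes the first line of `gm version` output has the form "GraphicsMagick 1.3.45 2024-08-24 Q16 http://..." (version in the second field); the banner used in the live path is whatever the local binary prints, and the functions can also be applied to version strings collected by other means.

```sh
#!/bin/sh
# Added example, not GraphicsMagick tooling: flag installs older than the
# release that carries the ReadWPGImage fix (1.3.46 per the advisory text).
FIXED_VERSION="1.3.46"

# version_lt A B: succeed (exit 0) when dotted version A sorts before B,
# comparing each numeric component; missing trailing components count as 0.
version_lt() {
    i=1
    while :; do
        x=$(printf '%s\n' "$1" | cut -d. -f"$i")
        y=$(printf '%s\n' "$2" | cut -d. -f"$i")
        if [ -z "$x" ] && [ -z "$y" ]; then
            return 1            # all components equal
        fi
        x=${x:-0}; y=${y:-0}
        if [ "$x" -lt "$y" ] 2>/dev/null; then return 0; fi
        if [ "$x" -gt "$y" ] 2>/dev/null; then return 1; fi
        i=$((i + 1))
    done
}

# gm_version_from_banner BANNER: extract the version from `gm version` output.
# Assumed first-line layout: "GraphicsMagick 1.3.45 2024-08-24 Q16 http://...".
gm_version_from_banner() {
    printf '%s\n' "$1" | awk 'NR == 1 && $1 == "GraphicsMagick" { print $2 }'
}

# gm_is_affected VERSION: succeed when VERSION predates the fixed release.
gm_is_affected() {
    version_lt "$1" "$FIXED_VERSION"
}

# Live check against the gm binary on PATH; only runs when invoked with --live.
# Exit 0 = fixed, 1 = affected, 2 = could not determine.
check_installed_gm() {
    if ! command -v gm >/dev/null 2>&1; then
        echo "gm not found on PATH"; return 2
    fi
    v=$(gm_version_from_banner "$(gm version 2>/dev/null)")
    if [ -z "$v" ]; then
        echo "could not parse gm version banner"; return 2
    fi
    if gm_is_affected "$v"; then
        echo "GraphicsMagick $v is affected by CVE-2025-27796; upgrade to $FIXED_VERSION or later"
        return 1
    fi
    echo "GraphicsMagick $v is at or past $FIXED_VERSION"
    return 0
}

if [ "${1:-}" = "--live" ]; then
    check_installed_gm
fi
```

Run it as `sh check-gm.sh --live` on each host; distribution packages that backport the fix without bumping the upstream version will be reported as affected by this check, so confirm against the vendor's changelog before treating such a hit as unpatched.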
Details
- CWE(s)