Cyber Resilience

CVE-2025-27796

Medium

Published: 07 March 2025

Modified: 29 January 2026
KEV Added
Patch
CVSS Score v3.1: 4.5 (CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:L)
EPSS Score: 0.0006 (20.3th percentile)
Risk Priority: 9 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-27796 is a medium-severity Use of Uninitialized Resource (CWE-908) vulnerability in GraphicsMagick. Its CVSS base score is 4.5 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004). The CVE ranks at the 20.3th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2025-27796 is a heap-based out-of-bounds access vulnerability in the ReadWPGImage function within the WPG plugin of GraphicsMagick versions prior to 1.3.46. The issue arises from improper handling of palette buffer allocation, which leads to invalid memory access via the ReadBlob function. This flaw is classified under CWE-908 and carries a CVSS v3.1 base score of 4.5 (AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:L), indicating moderate severity with local attack vector, high attack complexity, no privilege requirements, no user interaction needed, and changed scope impacting integrity and availability at low levels.

A local attacker can exploit this vulnerability by supplying a specially crafted WPG image file to a GraphicsMagick instance processing untrusted input. No privileges are required, but the attack demands high complexity to trigger the out-of-bounds heap access. Successful exploitation could result in limited integrity violations, such as unexpected modification of application data, and limited denial of service through heap corruption affecting availability, though confidentiality remains unaffected.

GraphicsMagick advisories recommend updating to version 1.3.46 or later, where the issue is addressed via a specific commit (883ebf8cae6dfa5873d975fe3476b1a188ef3f9f). The GraphicsMagick NEWS page documents the fix, and the vulnerability stems from bug report #750 on SourceForge, confirming the patch resolves the palette buffer mishandling in ReadWPGImage.

Vulnerability details

ReadWPGImage in WPG in GraphicsMagick before 1.3.46 mishandles palette buffer allocation, resulting in out-of-bounds access to heap memory in ReadBlob.

Related Threats

MITRE ATT&CK Enterprise Techniques

T1499.004 Application or System Exploitation (Tactic: Impact)
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.

T1565.001 Stored Data Manipulation (Tactic: Impact)
Adversaries may insert, delete, or manipulate data at rest in order to influence external outcomes or hide activity, thus threatening the integrity of the data.

Why these techniques?

The vulnerability enables limited DoS via heap corruption (T1499.004) and limited stored data manipulation via integrity violations (T1565.001) when processing crafted local files.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-27795 (same product: GraphicsMagick)
CVE-2026-23003 (shared CWE-908)
CVE-2025-26803 (shared CWE-908)
CVE-2026-31626 (shared CWE-908)
CVE-2025-15281 (shared CWE-908)
CVE-2026-4716 (shared CWE-908)
CVE-2026-4715 (shared CWE-908)
CVE-2024-57907 (shared CWE-908)
CVE-2024-13164 (shared CWE-908)
CVE-2024-57910 (shared CWE-908)

Affected Assets

graphicsmagick
graphicsmagick
≤ 1.3.46

Mitigating Controls (NIST 800-53 r5)

Prevent: Directly remediates the heap out-of-bounds vulnerability by requiring timely patching of GraphicsMagick to version 1.3.46 or later, fixing the palette buffer allocation flaw in ReadWPGImage.

Prevent: Implements memory protection mechanisms such as ASLR and DEP that mitigate exploitation of the heap-based out-of-bounds access in GraphicsMagick's ReadBlob function.

Prevent: Requires validation of untrusted WPG image inputs to reject malformed palette data that triggers improper buffer allocation and out-of-bounds heap access.
