CVE-2025-27796
Published: 07 March 2025
Description
Adversaries may insert, delete, or manipulate data at rest in order to influence external outcomes or hide activity, thus threatening the integrity of the data.
Security Summary
CVE-2025-27796 is a heap-based out-of-bounds access vulnerability in the ReadWPGImage function within the WPG plugin of GraphicsMagick versions prior to 1.3.46. The issue arises from improper handling of palette buffer allocation, which leads to invalid memory access via the ReadBlob function. This flaw is classified under CWE-908 and carries a CVSS v3.1 base score of 4.5 (AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:L), indicating moderate severity with local attack vector, high attack complexity, no privilege requirements, no user interaction needed, and changed scope impacting integrity and availability at low levels.
A local attacker can exploit this vulnerability by supplying a specially crafted WPG image file to a GraphicsMagick instance processing untrusted input. No privileges are required, but the attack demands high complexity to trigger the out-of-bounds heap access. Successful exploitation could result in limited integrity violations, such as unexpected modification of application data, and limited denial of service through heap corruption affecting availability, though confidentiality remains unaffected.
GraphicsMagick advisories recommend updating to version 1.3.46 or later, where the issue is addressed by commit 883ebf8cae6dfa5873d975fe3476b1a188ef3f9f. The GraphicsMagick NEWS page documents the fix. The vulnerability was reported in bug report #750 on SourceForge, which confirms that the patch resolves the palette buffer mishandling in ReadWPGImage.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
When GraphicsMagick processes a crafted local file, the vulnerability enables limited DoS via heap corruption (T1499.004) and limited stored data manipulation via integrity violations (T1565.001).