What is the CVSS score of CVE-2025-32460?

CVE-2025-32460 has a contested CVSS base score of 4.0 from a third party (e.g. CISA-ADP), while the vendor rates it Medium. vuln.today uses the vendor rating as authoritative.

Which versions of Graphicsmagick are affected by CVE-2025-32460?

Organizations using GraphicsMagick before 8e56520 should be aware of moderate risk from CVE-2025-32460, a out-of-bounds read vulnerability rated CVSS 4.0.. A patch is available.

Is there a public PoC exploit available for CVE-2025-32460?

Yes, a public proof-of-concept exploit is available for CVE-2025-32460. Prioritise patching immediately. EPSS: 0.3%.

How to fix or mitigate CVE-2025-32460?

During next maintenance window: Identify affected systems and apply vendor patches when convenient. Vendor patch is available.

Graphicsmagick CVE-2025-32460

MEDIUM

Out-of-bounds Read (CWE-125)

2025-04-09 cve@mitre.org

Information Disclosure Buffer Overflow Graphicsmagick Suse

Medium

Disputed · 4.0 NVD

Severity by source

Sources disagree (Medium–Critical)

NVD PRIMARY

4.0 MEDIUM

AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

SUSE

9.1 CRITICAL

AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

vuln.today treats the vendor’s rating as authoritative. A higher third-party CVSS (e.g. CISA-ADP) is shown for transparency but does not drive the headline severity.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

None

Lifecycle Timeline

Analysis Generated

Mar 28, 2026 - 18:35 vuln.today

Patch released

Mar 28, 2026 - 18:35 nvd

Patch available

PoC Detected

Jan 29, 2026 - 20:34 vuln.today

Public exploit code

CVE Published

Apr 09, 2025 - 02:15 nvd

MEDIUM 4.0

DescriptionCVE.org

GraphicsMagick before 8e56520 has a heap-based buffer over-read in ReadJXLImage in coders/jxl.c, related to an ImportViewPixelArea call.

AnalysisAI

GraphicsMagick before 8e56520 has a heap-based buffer over-read in ReadJXLImage in coders/jxl.c, related to an ImportViewPixelArea call. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Technical ContextAI

This vulnerability is classified as Out-of-bounds Read (CWE-125), which allows attackers to read data from memory outside the intended buffer boundaries. GraphicsMagick before 8e56520 has a heap-based buffer over-read in ReadJXLImage in coders/jxl.c, related to an ImportViewPixelArea call. Affected products include: Graphicsmagick. Version information: before 8.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Validate array indices and buffer lengths. Use memory-safe languages. Enable AddressSanitizer during testing.

Vendor StatusVendor

SUSE

Severity: Critical

Product	Status
SUSE Linux Enterprise Module for Package Hub 15 SP6	Fixed
openSUSE Leap 15.6	Fixed
openSUSE Tumbleweed	Fixed
SUSE Linux Enterprise Module for Package Hub 15 SP7	Fixed
openSUSE Leap 15.6	Fixed

CVE-2025-32460 vulnerability details – vuln.today

Back

Graphicsmagick CVE-2025-32460

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Technical ContextAI

RemediationAI

Vendor StatusVendor

SUSE

Share

External POC / Exploit Code