GraphicsMagick
cpe:2.3:a:graphicsmagick:graphicsmagick:*:*:*:*:*:*:*
- < 1.3.46
A vulnerability in the ReadWPGImage function of GraphicsMagick, prior to version 1.3.46, allows for out-of-bounds heap memory access. This issue arises from improper handling of palette buffer allocation, which can lead to memory corruption.
Successful exploitation results in a heap-based buffer overflow, which can potentially lead to arbitrary code execution.
The vulnerability can be reproduced by using GraphicsMagick versions prior to 1.3.46 to process a WPG file that triggers the palette buffer allocation issue. This can be done by creating or obtaining a WPG file that is known to cause the ReadWPGImage function to mishandle palette data, such as one with an unusual color palette or image dimensions that exceed typical limits.
Users are advised to update to GraphicsMagick version 1.3.46 or later, where this vulnerability has been fixed.
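To confirm whether a host still runs an affected release, the check below compares the version reported by `gm version` against the fixed release 1.3.46. It is an added example, not part of the original advisory or the GraphicsMagick project; the function names are hypothetical, and it assumes the first banner line has the form `GraphicsMagick X.Y.Z ...`.

```shell
#!/bin/sh
# Added example: flag GraphicsMagick installs older than the fixed release.
FIXED_VERSION="1.3.46"   # first fixed release, per the advisory

# Extract "X.Y.Z" from the first line of the `gm version` banner
# (assumed form: "GraphicsMagick X.Y.Z <date> <quantum> <url>").
gm_parse_version() {
    printf '%s\n' "$1" | sed -n '1s/^GraphicsMagick \([0-9][0-9.]*\).*/\1/p'
}

# Return 0 (true) if version $1 is strictly lower than $2, comparing
# dot-separated numeric fields left to right; missing fields count as 0.
version_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        fa=${a%%.*}; fb=${b%%.*}
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        fa=${fa:-0}; fb=${fb:-0}
        [ "$fa" -lt "$fb" ] && return 0
        [ "$fa" -gt "$fb" ] && return 1
    done
    return 1   # versions are equal
}

# Print "vulnerable", "fixed" or "unknown" for a given banner string.
gm_wpg_status() {
    v=$(gm_parse_version "$1")
    [ -z "$v" ] && { echo unknown; return; }
    if version_lt "$v" "$FIXED_VERSION"; then
        echo vulnerable
    else
        echo fixed
    fi
}

# Live check, only when gm is on PATH.
if command -v gm >/dev/null 2>&1; then
    echo "installed gm: $(gm_wpg_status "$(gm version 2>/dev/null)")"
fi
```

Distribution packages sometimes backport fixes without changing the upstream version number, so treat a "vulnerable" result as a prompt to check the package changelog rather than as proof.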