Search

Search is not available in local development.
Run npx pagefind --site __site after building to enable it.

JLSEC-2026-494 Medium 4.5

WPG in GraphicsMagick before 1.3.46 mishandles palette buffer allocation.

Source Edit History OSV JSON (OSV)

JLSEC Published: May 13, 2026
Modified: May 13, 2026
Severity: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:L
Affected Packages: GraphicsMagick_jll < 1.3.47+0
Aliases / Upstream: CVE-2025-27796 GHSA-v5xf-gj23-85jx EUVD-2025-6239

ReadWPGImage in WPG in GraphicsMagick before 1.3.46 mishandles palette buffer allocation, resulting in out-of-bounds access to heap memory in ReadBlob.

References