{"id":"JLSEC-2026-494","summary":"WPG in GraphicsMagick before 1.3.46 mishandles palette buffer allocation.","details":"ReadWPGImage in WPG in GraphicsMagick before 1.3.46 mishandles palette buffer allocation, resulting in out-of-bounds access to heap memory in ReadBlob.","modified":"2026-05-13T02:02:51.654992291Z","published":"2026-05-13T01:42:44.063Z","upstream":["CVE-2025-27796","EUVD-2025-6239","GHSA-v5xf-gj23-85jx"],"database_specific":{"sources":[{"url":"https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2025-27796","published":"2025-03-07T06:15:35.620Z","html_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-27796","modified":"2026-01-29T20:56:31.340Z","imported":"2026-05-13T00:52:49.697Z","id":"CVE-2025-27796","database_specific":{"status":"Analyzed"}},{"url":"https://api.github.com/advisories/GHSA-v5xf-gj23-85jx","published":"2025-03-07T06:30:33Z","html_url":"https://github.com/advisories/GHSA-v5xf-gj23-85jx","modified":"2025-03-07T18:32:10Z","id":"GHSA-v5xf-gj23-85jx","imported":"2026-05-13T00:52:54.866Z"},{"imported":"2026-05-13T00:52:53.398Z","published":"2025-03-07T00:00:00Z","html_url":"https://euvd.enisa.europa.eu/vulnerability/EUVD-2025-6239","modified":"2025-03-07T21:32:29Z","id":"EUVD-2025-6239","url":"https://euvdservices.enisa.europa.eu/api/enisaid?id=EUVD-2025-6239"}],"license":"CC-BY-4.0"},"references":[{"type":"WEB","url":"http://www.graphicsmagick.org/NEWS.html"},{"type":"WEB","url":"https://foss.heptapod.net/graphicsmagick/graphicsmagick/-/commit/883ebf8cae6dfa5873d975fe3476b1a188ef3f9f"},{"type":"WEB","url":"https://github.com/advisories/GHSA-v5xf-gj23-85jx"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-27796"},{"type":"WEB","url":"https://sourceforge.net/p/graphicsmagick/bugs/750"},{"type":"WEB","url":"https://sourceforge.net/p/graphicsmagick/bugs/750/"}],"affected":[{"package":{"name":"GraphicsMagick_jll","ecosystem":"Julia","purl":"pkg:julia/GraphicsMagick_jll?uuid=aa65733b-c888-5e24-8545-c87abc10c960"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"1.3.47+0"}]}],"database_specific":{"source":"https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-494.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:L"}]}