CVE-2025-55004

EUVD-2025-28576
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-1, ImageMagick is vulnerable to heap-buffer overflow read around the handling of images with separate alpha channels when performing image magnification in ReadOneMNGIMage. This can likely be used to leak subsequent memory contents into the output image. This issue has been patched in version 7.1.2-1.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.6 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 22%
Affected Products (NVD)
VendorProductVersion
imagemagickimagemagick
𝑥
< 7.1.2-1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
imagemagick
bookworm
8:6.9.11.60+dfsg-1.6+deb12u9
fixed
bookworm (security)
8:6.9.11.60+dfsg-1.6+deb12u9
fixed
bullseye
8:6.9.11.60+dfsg-1.3+deb11u4
fixed
bullseye (security)
8:6.9.11.60+dfsg-1.3+deb11u12
fixed
forky
8:7.1.2.21+dfsg1-1
fixed
sid
8:7.1.2.21+dfsg1-1
fixed
trixie
8:7.1.1.43+dfsg1-1+deb13u8
fixed
trixie (security)
8:7.1.1.43+dfsg1-1+deb13u8
fixed
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
ImageMagick
suse enterprise desktop 15 SP6
7.1.1.21-150600.3.20.1
fixed
suse enterprise desktop 15 SP7
7.1.1.43-150700.3.13.1
fixed
suse enterprise sap 15 SP4
7.1.0.9-150400.6.40.1
fixed
suse enterprise sap 15 SP5
7.1.0.9-150400.6.40.1
fixed
suse enterprise sap 15 SP6
7.1.1.21-150600.3.20.1
fixed
suse enterprise sap 15 SP7
7.1.1.43-150700.3.13.1
fixed
suse enterprise server 15 SP2
7.0.7.34-150200.10.62.1
fixed
suse enterprise server 15 SP3
7.0.7.34-150200.10.62.1
fixed
suse enterprise server 15 SP4
7.1.0.9-150400.6.40.1
fixed
suse enterprise server 15 SP5
7.1.0.9-150400.6.40.1
fixed
suse enterprise server 15 SP6
7.1.1.21-150600.3.20.1
fixed
suse enterprise server 15 SP7
7.1.1.43-150700.3.13.1
fixed
ImageMagick-config-7-SUSE
suse enterprise desktop 15 SP6
7.1.1.21-150600.3.20.1
fixed
suse enterprise desktop 15 SP7
7.1.1.43-150700.3.13.1
fixed
suse enterprise sap 15 SP4
7.1.0.9-150400.6.40.1
fixed
suse enterprise sap 15 SP5
7.1.0.9-150400.6.40.1
fixed
suse enterprise sap 15 SP6
7.1.1.21-150600.3.20.1
fixed
suse enterprise sap 15 SP7
7.1.1.43-150700.3.13.1
fixed
suse enterprise server 15 SP2
7.0.7.34-150200.10.62.1
fixed
suse enterprise server 15 SP3
7.0.7.34-150200.10.62.1
fixed
suse enterprise server 15 SP4
7.1.0.9-150400.6.40.1
fixed
suse enterprise server 15 SP5
7.1.0.9-150400.6.40.1
fixed
suse enterprise server 15 SP6
7.1.1.21-150600.3.20.1
fixed
suse enterprise server 15 SP7
7.1.1.43-150700.3.13.1
fixed
ImageMagick-config-7-upstream
suse enterprise desktop 15 SP6
7.1.0.9-150400.6.40.1
fixed
suse enterprise desktop 15 SP7
7.1.0.9-150400.6.40.1
fixed
suse enterprise sap 15 SP4
7.1.0.9-150400.6.40.1
fixed
suse enterprise sap 15 SP5
7.1.0.9-150400.6.40.1
fixed
suse enterprise sap 15 SP6
7.1.0.9-150400.6.40.1
fixed
suse enterprise sap 15 SP7
7.1.0.9-150400.6.40.1
fixed
suse enterprise server 15 SP2
7.0.7.34-150200.10.62.1
fixed
suse enterprise server 15 SP3
7.0.7.34-150200.10.62.1
fixed
suse enterprise server 15 SP4
7.1.0.9-150400.6.40.1
fixed
suse enterprise server 15 SP5
7.1.0.9-150400.6.40.1
fixed
suse enterprise server 15 SP6
7.1.0.9-150400.6.40.1
fixed
suse enterprise server 15 SP7
7.1.0.9-150400.6.40.1
fixed
ImageMagick-config-7-upstream-limited
suse enterprise desktop 15 SP6
7.1.1.21-150600.3.20.1
fixed
suse enterprise desktop 15 SP7
7.1.1.43-150700.3.13.1
fixed
suse enterprise sap 15 SP6
7.1.1.21-150600.3.20.1
fixed
suse enterprise sap 15 SP7
7.1.1.43-150700.3.13.1
fixed
suse enterprise server 15 SP6
7.1.1.21-150600.3.20.1
fixed
suse enterprise server 15 SP7
7.1.1.43-150700.3.13.1
fixed
ImageMagick-config-7-upstream-open
suse enterprise desktop 15 SP6
7.1.1.21-150600.3.20.1
fixed
suse enterprise desktop 15 SP7
7.1.1.43-150700.3.13.1
fixed
suse enterprise sap 15 SP6
7.1.1.21-150600.3.20.1
fixed
suse enterprise sap 15 SP7
7.1.1.43-150700.3.13.1
fixed
suse enterprise server 15 SP6
7.1.1.21-150600.3.20.1
fixed
suse enterprise server 15 SP7
7.1.1.43-150700.3.13.1
fixed
ImageMagick-config-7-upstream-secure
suse enterprise desktop 15 SP6
7.1.1.21-150600.3.20.1
fixed
suse enterprise desktop 15 SP7
7.1.1.43-150700.3.13.1
fixed
suse enterprise sap 15 SP6
7.1.1.21-150600.3.20.1
fixed
suse enterprise sap 15 SP7
7.1.1.43-150700.3.13.1
fixed
suse enterprise server 15 SP6
7.1.1.21-150600.3.20.1
fixed
suse enterprise server 15 SP7
7.1.1.43-150700.3.13.1
fixed
ImageMagick-config-7-upstream-websafe
suse enterprise desktop 15 SP6
7.1.1.21-150600.3.20.1
fixed
suse enterprise desktop 15 SP7
7.1.1.43-150700.3.13.1
fixed
suse enterprise sap 15 SP6
7.1.1.21-150600.3.20.1
fixed
suse enterprise sap 15 SP7
7.1.1.43-150700.3.13.1
fixed
suse enterprise server 15 SP6
7.1.1.21-150600.3.20.1
fixed
suse enterprise server 15 SP7
7.1.1.43-150700.3.13.1
fixed
ImageMagick-devel
suse enterprise desktop 15 SP6
7.1.1.21-150600.3.20.1
fixed
suse enterprise desktop 15 SP7
7.1.1.43-150700.3.13.1
fixed
suse enterprise sap 15 SP4
7.1.0.9-150400.6.40.1
fixed
suse enterprise sap 15 SP5
7.1.0.9-150400.6.40.1
fixed
suse enterprise sap 15 SP6
7.1.1.21-150600.3.20.1
fixed
suse enterprise sap 15 SP7
7.1.1.43-150700.3.13.1
fixed
suse enterprise server 15 SP2
7.0.7.34-150200.10.62.1
fixed
suse enterprise server 15 SP3
7.0.7.34-150200.10.62.1
fixed
suse enterprise server 15 SP4
7.1.0.9-150400.6.40.1
fixed
suse enterprise server 15 SP5
7.1.0.9-150400.6.40.1
fixed
suse enterprise server 15 SP6
7.1.1.21-150600.3.20.1
fixed
suse enterprise server 15 SP7
7.1.1.43-150700.3.13.1
fixed
libMagick++-7_Q16HDRI4
suse enterprise server 15 SP2
7.0.7.34-150200.10.62.1
fixed
suse enterprise server 15 SP3
7.0.7.34-150200.10.62.1
fixed
libMagick++-7_Q16HDRI5
suse enterprise desktop 15 SP6
7.1.1.21-150600.3.20.1
fixed
suse enterprise desktop 15 SP7
7.1.1.43-150700.3.13.1
fixed
suse enterprise sap 15 SP4
7.1.0.9-150400.6.40.1
fixed
suse enterprise sap 15 SP5
7.1.0.9-150400.6.40.1
fixed
suse enterprise sap 15 SP6
7.1.1.21-150600.3.20.1
fixed
suse enterprise sap 15 SP7
7.1.1.43-150700.3.13.1
fixed
suse enterprise server 15 SP4
7.1.0.9-150400.6.40.1
fixed
suse enterprise server 15 SP5
7.1.0.9-150400.6.40.1
fixed
suse enterprise server 15 SP6
7.1.1.21-150600.3.20.1
fixed
suse enterprise server 15 SP7
7.1.1.43-150700.3.13.1
fixed
libMagick++-devel
suse enterprise desktop 15 SP6
7.1.1.21-150600.3.20.1
fixed
suse enterprise desktop 15 SP7
7.1.1.43-150700.3.13.1
fixed
suse enterprise sap 15 SP4
7.1.0.9-150400.6.40.1
fixed
suse enterprise sap 15 SP5
7.1.0.9-150400.6.40.1
fixed
suse enterprise sap 15 SP6
7.1.1.21-150600.3.20.1
fixed
suse enterprise sap 15 SP7
7.1.1.43-150700.3.13.1
fixed
suse enterprise server 15 SP2
7.0.7.34-150200.10.62.1
fixed
suse enterprise server 15 SP3
7.0.7.34-150200.10.62.1
fixed
suse enterprise server 15 SP4
7.1.0.9-150400.6.40.1
fixed
suse enterprise server 15 SP5
7.1.0.9-150400.6.40.1
fixed
suse enterprise server 15 SP6
7.1.1.21-150600.3.20.1
fixed
suse enterprise server 15 SP7
7.1.1.43-150700.3.13.1
fixed
libMagickCore-7_Q16HDRI10
suse enterprise desktop 15 SP6
7.1.1.21-150600.3.20.1
fixed
suse enterprise desktop 15 SP7
7.1.1.43-150700.3.13.1
fixed
suse enterprise sap 15 SP4
7.1.0.9-150400.6.40.1
fixed
suse enterprise sap 15 SP5
7.1.0.9-150400.6.40.1
fixed
suse enterprise sap 15 SP6
7.1.1.21-150600.3.20.1
fixed
suse enterprise sap 15 SP7
7.1.1.43-150700.3.13.1
fixed
suse enterprise server 15 SP4
7.1.0.9-150400.6.40.1
fixed
suse enterprise server 15 SP5
7.1.0.9-150400.6.40.1
fixed
suse enterprise server 15 SP6
7.1.1.21-150600.3.20.1
fixed
suse enterprise server 15 SP7
7.1.1.43-150700.3.13.1
fixed
libMagickCore-7_Q16HDRI6
suse enterprise server 15 SP2
7.0.7.34-150200.10.62.1
fixed
suse enterprise server 15 SP3
7.0.7.34-150200.10.62.1
fixed
libMagickWand-7_Q16HDRI10
suse enterprise desktop 15 SP6
7.1.1.21-150600.3.20.1
fixed
suse enterprise desktop 15 SP7
7.1.1.43-150700.3.13.1
fixed
suse enterprise sap 15 SP4
7.1.0.9-150400.6.40.1
fixed
suse enterprise sap 15 SP5
7.1.0.9-150400.6.40.1
fixed
suse enterprise sap 15 SP6
7.1.1.21-150600.3.20.1
fixed
suse enterprise sap 15 SP7
7.1.1.43-150700.3.13.1
fixed
suse enterprise server 15 SP4
7.1.0.9-150400.6.40.1
fixed
suse enterprise server 15 SP5
7.1.0.9-150400.6.40.1
fixed
suse enterprise server 15 SP6
7.1.1.21-150600.3.20.1
fixed
suse enterprise server 15 SP7
7.1.1.43-150700.3.13.1
fixed
libMagickWand-7_Q16HDRI6
suse enterprise server 15 SP2
7.0.7.34-150200.10.62.1
fixed
suse enterprise server 15 SP3
7.0.7.34-150200.10.62.1
fixed
perl-PerlMagick
suse enterprise sap 15 SP4
7.1.0.9-150400.6.40.1
fixed
suse enterprise sap 15 SP5
7.1.0.9-150400.6.40.1
fixed
suse enterprise server 15 SP2
7.0.7.34-150200.10.62.1
fixed
suse enterprise server 15 SP3
7.0.7.34-150200.10.62.1
fixed
suse enterprise server 15 SP4
7.1.0.9-150400.6.40.1
fixed
suse enterprise server 15 SP5
7.1.0.9-150400.6.40.1
fixed
Common Weakness Enumeration
References
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-cjc8-g9w8-chfw
https://goo.gle/bigsleep
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-cjc8-g9w8-chfw