CVE-2025-55004

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-1, ImageMagick is vulnerable to heap-buffer overflow read around the handling of images with separate alpha channels when performing image magnification in ReadOneMNGIMage. This can likely be used to leak subsequent memory contents into the output image. This issue has been patched in version 7.1.2-1.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.6 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L
GitHub_MCNA
7.6 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 14%
VendorProductVersion
imagemagickimagemagick
𝑥
< 7.1.2-1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
imagemagick
bullseye
8:6.9.11.60+dfsg-1.3+deb11u4
not-affected
bookworm
8:6.9.11.60+dfsg-1.6+deb12u3
not-affected
bullseye (security)
8:6.9.11.60+dfsg-1.3+deb11u7
fixed
bookworm (security)
8:6.9.11.60+dfsg-1.6+deb12u4
fixed
trixie
vulnerable
trixie (security)
8:7.1.1.43+dfsg1-1+deb13u2
fixed
forky
8:7.1.2.3+dfsg1-1
fixed
sid
8:7.1.2.8+dfsg1-1
fixed
Common Weakness Enumeration
References
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-cjc8-g9w8-chfw
https://goo.gle/bigsleep
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-cjc8-g9w8-chfw