CVE-2025-55004

EUVD-2025-28576
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-1, ImageMagick is vulnerable to heap-buffer overflow read around the handling of images with separate alpha channels when performing image magnification in ReadOneMNGIMage. This can likely be used to leak subsequent memory contents into the output image. This issue has been patched in version 7.1.2-1.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.6 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
imagemagickimagemagick
𝑥
< 7.1.2-1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
imagemagick
bookworm
8:6.9.11.60+dfsg-1.6+deb12u5
fixed
bookworm (security)
8:6.9.11.60+dfsg-1.6+deb12u7
fixed
bullseye
8:6.9.11.60+dfsg-1.3+deb11u4
fixed
bullseye (security)
8:6.9.11.60+dfsg-1.3+deb11u10
fixed
forky
8:7.1.2.16+dfsg1-1
fixed
sid
8:7.1.2.18+dfsg1-1
fixed
trixie
8:7.1.1.43+dfsg1-1+deb13u5
fixed
trixie (security)
8:7.1.1.43+dfsg1-1+deb13u7
fixed
Common Weakness Enumeration
References
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-cjc8-g9w8-chfw
https://goo.gle/bigsleep
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-cjc8-g9w8-chfw