CVE-2025-57807

EUVD-2025-27126

05.09.2025, 22:15

ImageMagick is free and open-source software used for editing and manipulating digital images. ImageMagick versions lower than 14.8.2 include  insecure functions: SeekBlob(), which permits advancing the stream offset beyond the current end without increasing capacity, and WriteBlob(), which then expands by quantum + length (amortized) instead of offset + length, and copies to data + offset. When offset ≫ extent, the copy targets memory beyond the allocation, producing a deterministic heap write on 64-bit builds. No 2⁶⁴ arithmetic wrap, external delegates, or policy settings are required. This is fixed in version 14.8.2.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	3.8 LOW	LOCAL	HIGH	HIGH	CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L

Base Score

CVSS 3.x

EPSS Score

Percentile: 22%

Affected Products (NVD)

Vendor	Product	Version
imagemagick	imagemagick	𝑥 < 6.9.13-29
imagemagick	imagemagick	7.0.0-0 ≤ 𝑥 < 7.1.2-3

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

imagemagick

bookworm	8:6.9.11.60+dfsg-1.6+deb12u9 fixed
bookworm (security)	8:6.9.11.60+dfsg-1.6+deb12u10 fixed
bullseye	vulnerable
bullseye (security)	8:6.9.11.60+dfsg-1.3+deb11u13 fixed
forky	8:7.1.2.23+dfsg1-1 fixed
sid	8:7.1.2.24+dfsg1-1 fixed
trixie	8:7.1.1.43+dfsg1-1+deb13u8 fixed
trixie (security)	8:7.1.1.43+dfsg1-1+deb13u9 fixed

openSUSE / SLES Releases

openSUSE Product

Release

ImageMagick

suse enterprise desktop 15 SP6	7.1.1.21-150600.3.23.1 fixed
suse enterprise desktop 15 SP7	7.1.1.43-150700.3.16.1 fixed
suse enterprise sap 15 SP6	7.1.1.21-150600.3.23.1 fixed
suse enterprise sap 15 SP7	7.1.1.43-150700.3.16.1 fixed
suse enterprise server 15 SP4	7.1.0.9-150400.6.43.1 fixed
suse enterprise server 15 SP6	7.1.1.21-150600.3.23.1 fixed
suse enterprise server 15 SP7	7.1.1.43-150700.3.16.1 fixed

ImageMagick-config-7-SUSE

suse enterprise desktop 15 SP6	7.1.1.21-150600.3.23.1 fixed
suse enterprise desktop 15 SP7	7.1.1.43-150700.3.16.1 fixed
suse enterprise sap 15 SP6	7.1.1.21-150600.3.23.1 fixed
suse enterprise sap 15 SP7	7.1.1.43-150700.3.16.1 fixed
suse enterprise server 15 SP4	7.1.0.9-150400.6.43.1 fixed
suse enterprise server 15 SP6	7.1.1.21-150600.3.23.1 fixed
suse enterprise server 15 SP7	7.1.1.43-150700.3.16.1 fixed

ImageMagick-config-7-upstream

suse enterprise desktop 15 SP6	7.1.0.9-150400.6.43.1 fixed
suse enterprise desktop 15 SP7	7.1.0.9-150400.6.43.1 fixed
suse enterprise sap 15 SP6	7.1.0.9-150400.6.43.1 fixed
suse enterprise sap 15 SP7	7.1.0.9-150400.6.43.1 fixed
suse enterprise server 15 SP4	7.1.0.9-150400.6.43.1 fixed
suse enterprise server 15 SP6	7.1.0.9-150400.6.43.1 fixed
suse enterprise server 15 SP7	7.1.0.9-150400.6.43.1 fixed

ImageMagick-config-7-upstream-limited

suse enterprise desktop 15 SP6	7.1.1.21-150600.3.23.1 fixed
suse enterprise desktop 15 SP7	7.1.1.43-150700.3.16.1 fixed
suse enterprise sap 15 SP6	7.1.1.21-150600.3.23.1 fixed
suse enterprise sap 15 SP7	7.1.1.43-150700.3.16.1 fixed
suse enterprise server 15 SP6	7.1.1.21-150600.3.23.1 fixed
suse enterprise server 15 SP7	7.1.1.43-150700.3.16.1 fixed

ImageMagick-config-7-upstream-open

suse enterprise desktop 15 SP6	7.1.1.21-150600.3.23.1 fixed
suse enterprise desktop 15 SP7	7.1.1.43-150700.3.16.1 fixed
suse enterprise sap 15 SP6	7.1.1.21-150600.3.23.1 fixed
suse enterprise sap 15 SP7	7.1.1.43-150700.3.16.1 fixed
suse enterprise server 15 SP6	7.1.1.21-150600.3.23.1 fixed
suse enterprise server 15 SP7	7.1.1.43-150700.3.16.1 fixed

ImageMagick-config-7-upstream-secure

suse enterprise desktop 15 SP6	7.1.1.21-150600.3.23.1 fixed
suse enterprise desktop 15 SP7	7.1.1.43-150700.3.16.1 fixed
suse enterprise sap 15 SP6	7.1.1.21-150600.3.23.1 fixed
suse enterprise sap 15 SP7	7.1.1.43-150700.3.16.1 fixed
suse enterprise server 15 SP6	7.1.1.21-150600.3.23.1 fixed
suse enterprise server 15 SP7	7.1.1.43-150700.3.16.1 fixed

ImageMagick-config-7-upstream-websafe

suse enterprise desktop 15 SP6	7.1.1.21-150600.3.23.1 fixed
suse enterprise desktop 15 SP7	7.1.1.43-150700.3.16.1 fixed
suse enterprise sap 15 SP6	7.1.1.21-150600.3.23.1 fixed
suse enterprise sap 15 SP7	7.1.1.43-150700.3.16.1 fixed
suse enterprise server 15 SP6	7.1.1.21-150600.3.23.1 fixed
suse enterprise server 15 SP7	7.1.1.43-150700.3.16.1 fixed

ImageMagick-devel

suse enterprise desktop 15 SP6	7.1.1.21-150600.3.23.1 fixed
suse enterprise desktop 15 SP7	7.1.1.43-150700.3.16.1 fixed
suse enterprise sap 15 SP6	7.1.1.21-150600.3.23.1 fixed
suse enterprise sap 15 SP7	7.1.1.43-150700.3.16.1 fixed
suse enterprise server 15 SP4	7.1.0.9-150400.6.43.1 fixed
suse enterprise server 15 SP6	7.1.1.21-150600.3.23.1 fixed
suse enterprise server 15 SP7	7.1.1.43-150700.3.16.1 fixed

libMagick++-7_Q16HDRI5

suse enterprise desktop 15 SP6	7.1.1.21-150600.3.23.1 fixed
suse enterprise desktop 15 SP7	7.1.1.43-150700.3.16.1 fixed
suse enterprise sap 15 SP6	7.1.1.21-150600.3.23.1 fixed
suse enterprise sap 15 SP7	7.1.1.43-150700.3.16.1 fixed
suse enterprise server 15 SP4	7.1.0.9-150400.6.43.1 fixed
suse enterprise server 15 SP6	7.1.1.21-150600.3.23.1 fixed
suse enterprise server 15 SP7	7.1.1.43-150700.3.16.1 fixed

libMagick++-devel

suse enterprise desktop 15 SP6	7.1.1.21-150600.3.23.1 fixed
suse enterprise desktop 15 SP7	7.1.1.43-150700.3.16.1 fixed
suse enterprise sap 15 SP6	7.1.1.21-150600.3.23.1 fixed
suse enterprise sap 15 SP7	7.1.1.43-150700.3.16.1 fixed
suse enterprise server 15 SP4	7.1.0.9-150400.6.43.1 fixed
suse enterprise server 15 SP6	7.1.1.21-150600.3.23.1 fixed
suse enterprise server 15 SP7	7.1.1.43-150700.3.16.1 fixed

libMagickCore-7_Q16HDRI10

suse enterprise desktop 15 SP6	7.1.1.21-150600.3.23.1 fixed
suse enterprise desktop 15 SP7	7.1.1.43-150700.3.16.1 fixed
suse enterprise sap 15 SP6	7.1.1.21-150600.3.23.1 fixed
suse enterprise sap 15 SP7	7.1.1.43-150700.3.16.1 fixed
suse enterprise server 15 SP4	7.1.0.9-150400.6.43.1 fixed
suse enterprise server 15 SP6	7.1.1.21-150600.3.23.1 fixed
suse enterprise server 15 SP7	7.1.1.43-150700.3.16.1 fixed

libMagickWand-7_Q16HDRI10

suse enterprise desktop 15 SP6	7.1.1.21-150600.3.23.1 fixed
suse enterprise desktop 15 SP7	7.1.1.43-150700.3.16.1 fixed
suse enterprise sap 15 SP6	7.1.1.21-150600.3.23.1 fixed
suse enterprise sap 15 SP7	7.1.1.43-150700.3.16.1 fixed
suse enterprise server 15 SP4	7.1.0.9-150400.6.43.1 fixed
suse enterprise server 15 SP6	7.1.1.21-150600.3.23.1 fixed
suse enterprise server 15 SP7	7.1.1.43-150700.3.16.1 fixed

perl-PerlMagick

suse enterprise server 15 SP4

7.1.0.9-150400.6.43.1

fixed

Amazon Linux Releases

Amazon Package

Release

ImageMagick

Amazon Linux 2	0:6.9.10.97-1.amzn2.0.17 fixed
Amazon Linux 2023	1:6.9.13.29-1.amzn2023.0.1 fixed

ImageMagick-c++

Amazon Linux 2	0:6.9.10.97-1.amzn2.0.17 fixed
Amazon Linux 2023	1:6.9.13.29-1.amzn2023.0.1 fixed

ImageMagick-c++-debuginfo

Amazon Linux 2023

1:6.9.13.29-1.amzn2023.0.1

fixed

ImageMagick-c++-devel

Amazon Linux 2	0:6.9.10.97-1.amzn2.0.17 fixed
Amazon Linux 2023	1:6.9.13.29-1.amzn2023.0.1 fixed

ImageMagick-debuginfo

Amazon Linux 2	0:6.9.10.97-1.amzn2.0.17 fixed
Amazon Linux 2023	1:6.9.13.29-1.amzn2023.0.1 fixed

ImageMagick-debugsource

Amazon Linux 2023

1:6.9.13.29-1.amzn2023.0.1

fixed

ImageMagick-devel

Amazon Linux 2	0:6.9.10.97-1.amzn2.0.17 fixed
Amazon Linux 2023	1:6.9.13.29-1.amzn2023.0.1 fixed

ImageMagick-doc

Amazon Linux 2	0:6.9.10.97-1.amzn2.0.17 fixed
Amazon Linux 2023	1:6.9.13.29-1.amzn2023.0.1 fixed

ImageMagick-libs

Amazon Linux 2023

1:6.9.13.29-1.amzn2023.0.1

fixed

ImageMagick-libs-debuginfo

Amazon Linux 2023

1:6.9.13.29-1.amzn2023.0.1

fixed

ImageMagick-perl

Amazon Linux 2	0:6.9.10.97-1.amzn2.0.17 fixed
Amazon Linux 2023	1:6.9.13.29-1.amzn2023.0.1 fixed

ImageMagick-perl-debuginfo

Amazon Linux 2023

1:6.9.13.29-1.amzn2023.0.1

fixed

Known Exploits!

Common Weakness Enumeration

CWE-122 - Heap-based Buffer Overflow
A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

References

https://github.com/ImageMagick/ImageMagick/commit/077a417a19a5ea8c85559b602754a5b928eef23e

https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-23hg-53q6-hqfg

https://lists.debian.org/debian-lts-announce/2025/09/msg00012.html

https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-23hg-53q6-hqfg