CVE-2025-66628

EUVD-2025-202428
ImageMagick is a software suite to create, edit, compose, or convert bitmap images. In versions 7.1.2-9 and prior, the TIM (PSX TIM) image parser contains a critical integer overflow vulnerability in its ReadTIMImage function (coders/tim.c). The code reads width and height (16-bit values) from the file header and calculates image_size = 2 * width * height without checking for overflow. On 32-bit systems (or where size_t is 32-bit), this calculation can overflow if width and height are large (e.g., 65535), wrapping around to a small value. This results in a small heap allocation via AcquireQuantumMemory and later operations relying on the dimensions can trigger an out of bounds read. This issue is fixed in version 7.1.2-10.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
GitHub_MCNA
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 14%
Affected Products (NVD)
VendorProductVersion
imagemagickimagemagick
𝑥
< 7.1.2-10
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
imagemagick
bookworm
8:6.9.11.60+dfsg-1.6+deb12u5
fixed
bookworm (security)
8:6.9.11.60+dfsg-1.6+deb12u6
fixed
bullseye
vulnerable
bullseye (security)
8:6.9.11.60+dfsg-1.3+deb11u9
fixed
forky
8:7.1.2.13+dfsg1-1
fixed
sid
8:7.1.2.13+dfsg1-1
fixed
trixie
8:7.1.1.43+dfsg1-1+deb13u4
fixed
trixie (security)
8:7.1.1.43+dfsg1-1+deb13u5
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
imagemagick
bionic
needed
focal
needed
jammy
needed
noble
needed
plucky
ignored
questing
needed
trusty
needed
xenial
needed
Common Weakness Enumeration
References
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-6hjr-v6g4-3fm8
https://github.com/dlemstra/Magick.NET/commit/2dfa08e15cfd11016a79615994787b14f9048b1c