CVE-2025-55005NVD

Vulnerability Summary

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-1, when preparing to transform from Log to sRGB colorspaces, the logmap construction fails to handle cases where the reference-black or reference-white value is larger than 1024. This leads to corrupting memory beyond the end of the allocated logmap buffer. This issue has been patched in version 7.1.2-1.

Severity Level

MEDIUM(5.5)

Published Date

Aug 13, 2025

Last Modified

Aug 15, 2025

Exploitation Status

????

EPSS Score (30-Day)

Data Pending

Root Weakness (CWE)

CWE-122: Unknown/Unlisted Weakness ↗

Refer to the official MITRE database for detailed architectural specifications regarding this weakness.

CVSS v3.1 Base Metrics

Attack VectorLocal

Attack ComplexityLow

Privileges RequiredNone

User InteractionRequired

ScopeUnchanged

ConfidentialityNone

IntegrityNone

AvailabilityHigh

External References

https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-v393-38qx-v8fp
https://goo.gle/bigsleep
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-v393-38qx-v8fp

Critical Alert 1 Active Exploit Detected Today

CVE Watchtower

CVE-2025-55005NVD

Vulnerability Summary

External References