ImageMagick Flaw Risks Arbitrary Memory Disclosure via PSX TIM File Integer Overflow on 32-bit Systems

A high-severity vulnerability has been uncovered in ImageMagick, the ubiquitous open-source image processing suite used by millions of websites and applications. The flaw, tracked as CVE-2025-66628 (CVSS 7.5), hides within the parser for an obscure retro gaming file format: the PSX TIM image.

While the format typically belongs to the era of the original PlayStation, this vulnerability poses a very modern risk to 32-bit systems, potentially allowing attackers to read sensitive memory contents through a simple integer overflow.

The vulnerability resides in the ReadTIMImage function within coders/tim.c, the component responsible for decoding TIM files. The issue stems from a classic mathematical oversight: the software blindly trusts the dimensions listed in the file header.

According to the vulnerability report, the code reads the image’s 16-bit width and height and then calculates the total memory needed using the formula: image_size = 2 * width * height. Crucially, this calculation is performed “without checking for overflow”.

On 32-bit systems, or environments where size_t is 32-bit, this creates a dangerous condition. If an attacker crafts a malicious TIM file with large dimensions (e.g., 65535 x 65535), the multiplication wraps around, resulting in a number far smaller than intended.

“This results in a small heap allocation via AcquireQuantumMemory,” the report explains. However, the program proceeds as if it has a massive buffer, leading subsequent operations to “trigger an out of bounds read”.

This vulnerability allows for Arbitrary Memory Disclosure. By triggering the out-of-bounds read, an attacker could potentially trick the application into revealing data stored in adjacent memory blocks—information that could include passwords, keys, or other sensitive session data.

The issue specifically impacts ImageMagick versions prior to 7.1.2-9. The maintainers have patched the flaw in version 7.1.2-10, which introduces proper overflow checks to prevent the wraparound.

Administrators running ImageMagick on 32-bit architecture—including legacy servers and certain IoT devices—are strongly urged to upgrade immediately.

Related Posts:

• Tim Cook Stepping Down Next Year? Rumors Firmly Dismissed by Mark Gurman
• ImageMagick AppImage Vulnerability Opens Door to Arbitrary Code Execution
• CISA Alerts on Active Exploitation of Flaws in ImageMagick, Linux Kernel, and SonicWall
• Apple Leadership Shake-Up: Tim Cook Expected to Stay 5 More Years as Generational Transition & AI Challenges Loom