The maintainers of ImageMagick have patched four security vulnerabilities that could impact applications using the popular image manipulation toolkit, including high-severity memory corruption bugs that could be exploited in certain scenarios. The flaws, tracked as CVE-2025-55154, CVE-2025-55004, CVE-2025-55005, and CVE-2025-55160, affect multiple versions of the software and span issues from integer overflows to heap-buffer overflows.
CVE-2025-55154 – Integer Overflows in MNG Magnification (CVSS 8.8)
This vulnerability arises from unsafe magnified size calculations in the ReadOneMNGImage function when processing the “MAGN” chunk of MNG files. As the advisory explains,
“Both the multiplication and the addition of the result of that multiplication to magnified_width can overflow, leading to a value… smaller than required.”
The overflow can cause out-of-bounds writes of controlled data beyond heap allocation boundaries, potentially resulting in memory corruption. Triggering the bug requires images with extremely large dimensions (~65,535 pixels), which should be blocked by restrictive security policies. The flaw affects versions < 7.1.2-1 and < 6.9.13-26, and is fixed in 7.1.2-1 and 6.9.13-27.
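As an added illustration (this is not ImageMagick's code and not the patch), the following C snippet shows the arithmetic pattern the advisory describes, a multiplication whose result is then added into a size variable, in its silently wrapping form next to an overflow-checked one, together with a dimension gate of the kind a restrictive resource policy provides. The function names, the cap value and the sample dimensions are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper (not ImageMagick's code): computes
 * base + count * factor with explicit overflow detection.
 * Returns 1 and stores the result in *out on success, or 0 if
 * either the multiplication or the addition would wrap. */
int magnified_size_checked(size_t base, size_t count, size_t factor, size_t *out)
{
    size_t product;

    if (factor != 0 && count > SIZE_MAX / factor)
        return 0;                       /* multiplication would wrap */
    product = count * factor;
    if (base > SIZE_MAX - product)
        return 0;                       /* addition would wrap */
    *out = base + product;
    return 1;
}

/* The unchecked form: identical arithmetic, but unsigned wrap-around
 * silently yields a value far smaller than the real requirement, which
 * is exactly what makes a later allocation too small. */
size_t magnified_size_unchecked(size_t base, size_t count, size_t factor)
{
    return base + count * factor;
}

/* Hypothetical policy gate, analogous in spirit to ImageMagick's
 * width/height resource limits: reject oversized dimensions before
 * any size arithmetic or allocation takes place. */
int dimension_within_policy(size_t width, size_t height, size_t max_dim)
{
    return width <= max_dim && height <= max_dim;
}

int main(void)
{
    size_t out = 0;
    /* Constructed inputs chosen so that count * factor wraps to zero. */
    size_t base = 16, count = SIZE_MAX / 2 + 1, factor = 2;

    printf("unchecked result: %zu (wrapped)\n",
           magnified_size_unchecked(base, count, factor));
    printf("checked result: %s\n",
           magnified_size_checked(base, count, factor, &out) ? "ok" : "overflow rejected");
    printf("65535x10 within a 16384 cap: %s\n",
           dimension_within_policy(65535, 10, 16384) ? "yes" : "no");
    return 0;
}
```

The checked helper turns the "value smaller than required" failure into an explicit error that a caller can refuse, while the dimension gate mirrors what a hardened policy.xml does operationally: a `<policy domain="resource" name="width" .../>` (and the matching `height` entry) set to a sensible cap keeps inputs of the ~65,535-pixel size the advisory mentions from being processed at all.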
CVE-2025-55004 – Heap-Buffer Overflow in MNG Magnification with Alpha (CVSS 7.6)
When magnifying images with separate alpha channels, a mismatch between allocated buffer size and the actual number of channels can occur after alpha_trait is updated mid-process.
“The pixel copying loop will subsequently read beyond the end of the allocation… This can likely be used to leak subsequent memory contents into the output image.”
This flaw affects versions < 7.1.2-0 and is patched in 7.1.2-1.
CVE-2025-55005 – Heap-Buffer Overflow in Log Colorspace Handling (CVSS 5.5)
This moderate-severity vulnerability occurs in the handling of log colorspace conversions, where insufficient bounds checking can result in a heap-buffer overflow. It impacts versions < 7.1.2-1, with the fix included in 7.1.2-1.
CVE-2025-55160 – Undefined Behavior in CloneSplayTree (CVSS 6.1)
While not exploitable in typical builds, this flaw causes a deterministic abort under Undefined Behavior Sanitizer (UBSan) when parsing minimal inputs. Cisco describes it as having a low security impact in non-sanitized environments:
“No crash in a non-sanitized build; likely low security impact.”
It can still cause a Denial-of-Service in sanitizer-enabled builds.
Users and administrators are strongly urged to upgrade ImageMagick to 7.1.2-1 (or 6.9.13-27 for the legacy branch). With ImageMagick widely embedded in web applications, backend processing services, and content management systems, these vulnerabilities underscore the importance of timely patching and secure configuration.