Skip to main content

Imagemagick CVE-2025-55005

MEDIUM
Heap-based Buffer Overflow (CWE-122)
2025-08-13 security-advisories@github.com
Heap Overflow Buffer Overflow Imagemagick Red Hat Suse
5.5
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative
Red Hat
3.3 LOW
qualitative

Primary rating from GitHub Advisory.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

4
Patch released
Apr 06, 2026 - 20:30 nvd
Patch available
Analysis Generated
Mar 28, 2026 - 19:06 vuln.today
PoC Detected
Aug 15, 2025 - 19:36 vuln.today
Public exploit code
CVE Published
Aug 13, 2025 - 14:15 nvd
MEDIUM 5.5

DescriptionGitHub Advisory

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-1, when preparing to transform from Log to sRGB colorspaces, the logmap construction fails to handle cases where the reference-black or reference-white value is larger than 1024. This leads to corrupting memory beyond the end of the allocated logmap buffer. This issue has been patched in version 7.1.2-1.

AnalysisAI

ImageMagick is free and open-source software used for editing and manipulating digital images. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-122. ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-1, when preparing to transform from Log to sRGB colorspaces, the logmap construction fails to handle cases where the reference-black or reference-white value is larger than 1024. This leads to corrupting memory beyond the end of the allocated logmap buffer. This issue has been patched in version 7.1.2-1. Affected products include: Imagemagick. Version information: version 7.1.2.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

More from same product – last 7 days

CVE-2026-53460 HIGH
7.5 Jun 10

Denial of service in ImageMagick prior to 6.9.13-50 and 7.1.2-25 allows remote attackers to trigger an out-of-memory con
CVE-2026-53461 HIGH
7.5 Jun 10

Out-of-bounds heap write in ImageMagick's ICON decoder allows remote attackers to crash the application by supplying a m
CVE-2026-53465 MEDIUM
6.2 Jun 10

Heap-based buffer over-write in ImageMagick's SF3 encoder prior to version 7.1.2-25 allows an attacker who can supply a

CVE-2026-53462 MEDIUM
5.9 Jun 10

Heap-use-after-free in ImageMagick's CheckPrimitiveExtent function allows remote attackers to crash the image processing
CVE-2026-53463 MEDIUM
4.3 Jun 10

Null pointer dereference in ImageMagick's distort operation crashes the processing process when an attacker supplies mal

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
SUSE Enterprise Storage 7.1 Fixed
SUSE Linux Enterprise Desktop 15 SP6 SUSE Linux Enterprise High Performance Computing 15 SP6 SUSE Linux Enterprise Server 15 SP6 SUSE Linux Enterprise Server for SAP Applications 15 SP6 Fixed
SUSE Linux Enterprise Desktop 15 SP7 SUSE Linux Enterprise High Performance Computing 15 SP7 SUSE Linux Enterprise Server 15 SP7 SUSE Linux Enterprise Server for SAP Applications 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS Fixed
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS Fixed

Share

CVE-2025-55005 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy