Skip to main content

Imagemagick CVE-2025-55154

HIGH
Integer Overflow or Wraparound (CWE-190)
2025-08-13 security-advisories@github.com
Buffer Overflow Integer Overflow Imagemagick Red Hat Suse
8.8
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
8.8 HIGH
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
SUSE
HIGH
qualitative
Red Hat
8.3 HIGH
qualitative

Primary rating from GitHub Advisory.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
Analysis Generated
Mar 28, 2026 - 19:06 vuln.today
PoC Detected
Nov 03, 2025 - 19:16 vuln.today
Public exploit code
CVE Published
Aug 13, 2025 - 14:15 nvd
HIGH 8.8

DescriptionGitHub Advisory

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-27 and 7.1.2-1, the magnified size calculations in ReadOneMNGIMage (in coders/png.c) are unsafe and can overflow, leading to memory corruption. This issue has been patched in versions 6.9.13-27 and 7.1.2-1.

AnalysisAI

ImageMagick is free and open-source software used for editing and manipulating digital images. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Integer Overflow (CWE-190), which allows attackers to cause unexpected behavior through arithmetic overflow. ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-27 and 7.1.2-1, the magnified size calculations in ReadOneMNGIMage (in coders/png.c) are unsafe and can overflow, leading to memory corruption. This issue has been patched in versions 6.9.13-27 and 7.1.2-1. Affected products include: Imagemagick.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate arithmetic operations, use safe integer libraries, check bounds before allocation.

More from same product – last 7 days

CVE-2026-53460 HIGH
7.5 Jun 10

Denial of service in ImageMagick prior to 6.9.13-50 and 7.1.2-25 allows remote attackers to trigger an out-of-memory con
CVE-2026-53461 HIGH
7.5 Jun 10

Out-of-bounds heap write in ImageMagick's ICON decoder allows remote attackers to crash the application by supplying a m
CVE-2026-53465 MEDIUM
6.2 Jun 10

Heap-based buffer over-write in ImageMagick's SF3 encoder prior to version 7.1.2-25 allows an attacker who can supply a

CVE-2026-53462 MEDIUM
5.9 Jun 10

Heap-use-after-free in ImageMagick's CheckPrimitiveExtent function allows remote attackers to crash the image processing
CVE-2026-53463 MEDIUM
4.3 Jun 10

Null pointer dereference in ImageMagick's distort operation crashes the processing process when an attacker supplies mal

Vendor StatusVendor

SUSE

Severity: High
Product Status
SUSE Enterprise Storage 7.1 Fixed
SUSE Linux Enterprise Desktop 15 SP6 SUSE Linux Enterprise High Performance Computing 15 SP6 SUSE Linux Enterprise Server 15 SP6 SUSE Linux Enterprise Server for SAP Applications 15 SP6 Fixed
SUSE Linux Enterprise Desktop 15 SP7 SUSE Linux Enterprise High Performance Computing 15 SP7 SUSE Linux Enterprise Server 15 SP7 SUSE Linux Enterprise Server for SAP Applications 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS Fixed
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS Fixed

Share

CVE-2025-55154 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy