CVE-2025-53101
BaseFortify

Publication date: 2025-07-14

Last updated on: 2025-11-03

Assigner: GitHub, Inc.

Description
ImageMagick is free and open-source software used for editing and manipulating digital images. In versions prior to 7.1.2-0 and 6.9.13-26, in ImageMagick's `magick mogrify` command, specifying multiple consecutive `%d` format specifiers in a filename template causes internal pointer arithmetic to generate an address below the beginning of the stack buffer, resulting in a stack overflow through `vsnprintf()`. Versions 7.1.2-0 and 6.9.13-26 fix the issue.
Meta Information
Published: 2025-07-14
Last Modified: 2025-11-03
Generated: 2026-05-07
AI Q&A: 2025-07-14
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 2 associated CPEs
Vendor | Product | Version / Range
imagemagick | imagemagick | From 7.0.11-13 (inc) to 7.1.1-36 (inc)
imagemagick | imagemagick | From 7.0.11-13 (inc) to 7.1.1-36 (inc)
CWE ID | Description
CWE-124 | The product writes to a buffer using an index or pointer that references a memory location prior to the beginning of the buffer.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2025-53101 is a stack buffer overflow vulnerability in ImageMagick's magick mogrify command. It occurs when multiple consecutive format specifiers like %d are used in a filename template. The vulnerability is caused by improper pointer arithmetic that calculates an address before the start of the stack buffer during string formatting, leading to a buffer underwrite and overflow via the vsnprintf() function. This happens because the code incorrectly increments an offset by a fixed value that does not account for the actual length of the formatted string, causing memory corruption. The issue was fixed by adding proper validation and dynamically adjusting the offset based on the actual formatted string length to prevent writing outside the buffer. [1, 2]


How can this vulnerability impact me?

This vulnerability can allow remote attackers to cause a stack buffer overflow by supplying crafted filename templates with multiple consecutive format specifiers. The impact includes potential arbitrary code execution or denial of service (crash) of the ImageMagick process. The CVSS score is 7.4 (High), indicating a serious risk. The attack requires no privileges or user interaction but has high attack complexity. It can compromise the integrity and availability of the system running vulnerable versions of ImageMagick. [2]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by running the vulnerable ImageMagick 'magick mogrify' command with a crafted filename template containing multiple consecutive '%d' format specifiers, such as 'magick mogrify %d%d'. On a system with AddressSanitizer enabled, this triggers a stack-buffer-overflow error, indicating the presence of the vulnerability. [2]


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability immediately, upgrade ImageMagick to version 7.1.2-0 or later (for the 7.x branch) or 6.9.13-26 or later (for the 6.x branch), where the issue has been patched. Avoid using filename templates with multiple consecutive format specifiers such as '%d%d' until the update is applied. [2]
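
The two mitigation steps above can be checked in an inventory script. The following is an added example, not code from ImageMagick or from this page's publisher: it compares the version line printed by `magick -version` against the fixed releases named in the description and flags filename templates with adjacent specifiers. The function names, the sample inputs and the specifier pattern (`%`, optional width, then `d`, `o` or `x`) are assumptions made for the example.

```python
import re

# Fixed releases named in the advisory text above, keyed by major branch.
FIXED = {7: (7, 1, 2, 0), 6: (6, 9, 13, 26)}

# Version line format, e.g. "Version: ImageMagick 7.1.1-36 Q16-HDRI ..."
VERSION_RE = re.compile(r"ImageMagick (\d+)\.(\d+)\.(\d+)-(\d+)")

# Assumption: a specifier is '%', optional width digits, then d, o or x.
# Two or more back to back is the pattern the advisory says to avoid.
ADJACENT_SPEC_RE = re.compile(r"(?:%\d*[dox]){2,}")


def parse_version(version_output):
    """Return (major, minor, patch, release) from version output text."""
    match = VERSION_RE.search(version_output)
    if match is None:
        raise ValueError("no ImageMagick version string found")
    return tuple(int(group) for group in match.groups())


def is_patched(version_output):
    """True if the build is at or above the fixed release of its branch."""
    version = parse_version(version_output)
    fixed = FIXED.get(version[0])
    if fixed is None:
        # Branch not named in the advisory: report it for manual review.
        return False
    return version >= fixed


def risky_templates(templates):
    """Return the templates that contain adjacent format specifiers."""
    return [t for t in templates if ADJACENT_SPEC_RE.search(t)]


if __name__ == "__main__":
    # Constructed sample inputs, not captured from a real host.
    outputs = [
        "Version: ImageMagick 7.1.1-36 Q16-HDRI x86_64",
        "Version: ImageMagick 6.9.13-26 Q16 x86_64",
    ]
    for line in outputs:
        print(parse_version(line), "patched" if is_patched(line) else "UPGRADE")
    print(risky_templates(["frame-%03d.png", "out-%d%d.png"]))
```

On a real host, pass the captured output of `magick -version` (or `convert -version` on 6.x installs) to `is_patched()`.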

