CVE-2025-55004
BaseFortify
Publication date: 2025-08-13
Last updated on: 2025-08-15
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| imagemagick | imagemagick | From 7.0.11-13 (inc) to 7.1.1-36 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-122 | A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc(). |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in ImageMagick involves a heap-buffer overflow read when handling images with separate alpha channels during image magnification in the ReadOneMNGImage function. It can cause memory contents beyond the intended buffer to be read and potentially leaked into the output image. This issue was fixed in version 7.1.2-1.
How can this vulnerability impact me? :
The vulnerability can lead to leakage of memory contents into output images, which may expose sensitive information stored in memory. This could be exploited by attackers to gain unauthorized access to data or cause denial of service due to memory corruption.
What immediate steps should I take to mitigate this vulnerability?
Update ImageMagick to version 7.1.2-1 or later, as this version contains the patch that fixes the heap-buffer overflow vulnerability.