CVE-2025-55005
BaseFortify
Publication date: 2025-08-13
Last updated on: 2025-08-15
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| imagemagick | imagemagick | From 7.0.11-13 (inc) to 7.1.1-36 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-122 | A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc(). |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in ImageMagick occurs when transforming images from Log to sRGB colorspaces. Specifically, the logmap construction does not properly handle cases where the reference-black or reference-white value exceeds 1024, causing memory corruption beyond the allocated buffer. This can lead to instability or crashes. The issue was fixed in version 7.1.2-1.
How can this vulnerability impact me? :
The vulnerability can cause memory corruption which may lead to application crashes or instability when processing images with certain color values. This could potentially be exploited to disrupt services or cause denial of service in systems using vulnerable versions of ImageMagick.
What immediate steps should I take to mitigate this vulnerability?
Update ImageMagick to version 7.1.2-1 or later, as this version contains the patch that fixes the vulnerability related to logmap construction when transforming from Log to sRGB colorspaces.