CVE-2025-55154
BaseFortify
Publication date: 2025-08-13
Last updated on: 2025-11-03
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| imagemagick | imagemagick | From 7.0.11-13 (inc) to 7.1.1-36 (inc) |
| imagemagick | imagemagick | From 7.0.11-13 (inc) to 7.1.1-36 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-190 | The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in ImageMagick involves unsafe magnified size calculations in the ReadOneMNGIMage function within the PNG coder. These calculations can overflow, which may lead to memory corruption. The issue affects versions prior to 6.9.13-27 and 7.1.2-1 and has been fixed in those versions.
How can this vulnerability impact me? :
The vulnerability can lead to memory corruption, which may be exploited to cause denial of service, data corruption, or potentially allow an attacker to execute arbitrary code. This can compromise the confidentiality, integrity, and availability of systems using vulnerable versions of ImageMagick.
What immediate steps should I take to mitigate this vulnerability?
Update ImageMagick to version 6.9.13-27 or later, or 7.1.2-1 or later, as these versions contain the patch that fixes the unsafe magnified size calculations causing memory corruption.