CVE-2025-62594
BaseFortify
Publication date: 2025-10-27
Last updated on: 2025-11-03
Assigner: GitHub, Inc.
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| imagemagick | imagemagick | From 7.0.11-13 (inc) to 7.1.1-36 (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
| CWE-369 | The product divides a value by zero. |
| CWE-191 | The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in ImageMagick versions prior to 7.1.2-8 involves a denial-of-service caused by unsigned integer underflow and division-by-zero errors in the CLAHEImage function. Specifically, when the tile width or height is zero, pointer arithmetic underflows, leading to out-of-bounds memory access, and division-by-zero causes the program to crash immediately.
How can this vulnerability impact me?
The vulnerability can cause denial-of-service by crashing the ImageMagick software when processing certain images, potentially disrupting services or applications that rely on ImageMagick for image processing.
What immediate steps should I take to mitigate this vulnerability?
Update ImageMagick to version 7.1.2-8 or later, as this version contains the patch that fixes the denial-of-service vulnerability caused by unsigned integer underflow and division-by-zero in the CLAHEImage function.