Vulnerability Description
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-1, ImageMagick is vulnerable to heap-buffer overflow read around the handling of images with separate alpha channels when performing image magnification in ReadOneMNGIMage. This can likely be used to leak subsequent memory contents into the output image. This issue has been patched in version 7.1.2-1.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Imagemagick | Imagemagick | < 7.1.2-1 |
Related Weaknesses (CWE)
References
- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-cjc8-g9w8-chExploitThird Party Advisory
- https://goo.gle/bigsleepIssue Tracking
- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-cjc8-g9w8-chExploitThird Party Advisory
FAQ
What is CVE-2025-55004?
CVE-2025-55004 is a vulnerability with a CVSS score of 7.6 (HIGH). ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-1, ImageMagick is vulnerable to heap-buffer overflow read around the handling of i...
How severe is CVE-2025-55004?
CVE-2025-55004 has been rated HIGH with a CVSS base score of 7.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-55004?
Check the references section above for vendor advisories and patch information. Affected products include: Imagemagick Imagemagick.