Vulnerability Description
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-28 and 7.1.2-2, passing a geometry string containing only a colon (":") to montage -geometry leads GetGeometry() to set width/height to 0. Later, ThumbnailImage() divides by these zero dimensions, triggering a crash (SIGFPE/abort), resulting in a denial of service. This issue has been patched in versions 6.9.13-28 and 7.1.2-2.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Imagemagick | Imagemagick | < 6.9.13-28 |
Related Weaknesses (CWE)
References
- https://github.com/ImageMagick/ImageMagick/blob/0ba1b587be17543b664f7ad538e9e51eProduct
- https://github.com/ImageMagick/ImageMagick/blob/0ba1b587be17543b664f7ad538e9e51eProduct
- https://github.com/ImageMagick/ImageMagick/commit/5f0bcf986b8b5e90567750d31a37afPatch
- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-fh55-q5pj-pxExploitVendor Advisory
- https://github.com/dlemstra/Magick.NET/releases/tag/14.8.1Release Notes
- https://lists.debian.org/debian-lts-announce/2025/09/msg00012.html
- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-fh55-q5pj-pxExploitVendor Advisory
FAQ
What is CVE-2025-55212?
CVE-2025-55212 is a vulnerability with a CVSS score of 3.7 (LOW). ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-28 and 7.1.2-2, passing a geometry string containing only a colon (":") to monta...
How severe is CVE-2025-55212?
CVE-2025-55212 has been rated LOW with a CVSS base score of 3.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-55212?
Check the references section above for vendor advisories and patch information. Affected products include: Imagemagick Imagemagick.