Vulnerability Description
ImageMagick is free and open-source software used for editing and manipulating digital images. ImageMagick versions lower than 14.8.2 include insecure functions: SeekBlob(), which permits advancing the stream offset beyond the current end without increasing capacity, and WriteBlob(), which then expands by quantum + length (amortized) instead of offset + length, and copies to data + offset. When offset ≫ extent, the copy targets memory beyond the allocation, producing a deterministic heap write on 64-bit builds. No 2⁶⁴ arithmetic wrap, external delegates, or policy settings are required. This is fixed in version 14.8.2.
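The sizing error described above, reduced to its arithmetic, as an added example (not ImageMagick's code): `legacy_extent` models growth by quantum + length, and `safe_write` sizes the buffer from offset + length before copying. The `Blob` struct, the function names and the sample values are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Simplified in-memory blob; field names are assumptions, not ImageMagick's struct. */
typedef struct { unsigned char *data; size_t extent, offset, quantum; } Blob;

/* Sizing as the description states it: grow by quantum + length, ignoring the offset. */
size_t legacy_extent(size_t extent, size_t quantum, size_t length)
{ return extent + quantum + length; }

/* 1 if the range [offset, offset + length) lies inside a buffer of `extent` bytes. */
int write_fits(size_t extent, size_t offset, size_t length)
{ return offset <= extent && length <= extent - offset; }

/* Hardened sizing: capacity must cover offset + length; refuse size_t wrap-around. */
int required_extent(size_t offset, size_t length, size_t quantum, size_t *out)
{
  if (length > SIZE_MAX - offset) return 0;
  size_t need = offset + length;
  *out = (quantum > SIZE_MAX - need) ? need : need + quantum;  /* amortized slack */
  return 1;
}

/* Bounds-checked write: grow from offset + length, zero the seek gap, then copy. */
long safe_write(Blob *b, const void *src, size_t length)
{
  size_t want;
  if (!write_fits(b->extent, b->offset, length)) {
    if (!required_extent(b->offset, length, b->quantum, &want)) return -1;
    unsigned char *p = realloc(b->data, want);
    if (p == NULL) return -1;                    /* blob left unchanged on failure */
    memset(p + b->extent, 0, want - b->extent);  /* bytes skipped by the seek read as 0 */
    b->data = p; b->extent = want;
  }
  memcpy(b->data + b->offset, src, length);
  b->offset += length;
  return (long)length;
}

int main(void)
{
  Blob b = { NULL, 0, (size_t)1 << 20, 4096 };  /* constructed: seek to 1 MiB, empty blob */
  size_t e = legacy_extent(4096, 4096, 16);     /* constructed 4 KiB blob, 16-byte write */
  printf("legacy extent=%zu fits=%d\n", e, write_fits(e, (size_t)1 << 20, 16));
  long n = safe_write(&b, "0123456789abcdef", 16);
  printf("safe_write=%ld extent=%zu\n", n, b.extent);
  free(b.data);
  return 0;
}
```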
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| ImageMagick | ImageMagick | < 6.9.13-29 |
Related Weaknesses (CWE)
References
- https://github.com/ImageMagick/ImageMagick/commit/077a417a19a5ea8c85559b602754a5 (Patch)
- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-23hg-53q6-hq (Exploit, Mitigation, Vendor Advisory)
- https://lists.debian.org/debian-lts-announce/2025/09/msg00012.html
FAQ
What is CVE-2025-57807?
CVE-2025-57807 is a vulnerability with a CVSS score of 3.8 (LOW). ImageMagick is free and open-source software used for editing and manipulating digital images. ImageMagick versions lower than 14.8.2 include insecure functions: SeekBlob(), which permits advancing t...
How severe is CVE-2025-57807?
CVE-2025-57807 has been rated LOW with a CVSS base score of 3.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-57807?
Check the references section above for vendor advisories and patch information. Affected products include: ImageMagick ImageMagick.