Stack Overflow Vulnerability in ImageMagick Software by ImageMagick Developers
CVE-2025-53101

7.4 HIGH

Key Information:

Vendor
CVE Published: 14 July 2025

What is CVE-2025-53101?

ImageMagick versions prior to 7.1.2-0 and 6.9.13-26 contain a vulnerability that attackers can reach through the magick mogrify command. Specifying multiple consecutive %d format specifiers in the filename template triggers internal pointer arithmetic that calculates an address below the start of the stack buffer, which may lead to a stack overflow. This vulnerability can compromise the stability and security of applications that use ImageMagick for image processing.
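As an added example (not code from ImageMagick or from this advisory), the Python sketch below checks a version banner against the fixed releases named above and screens filename templates for adjacent %d specifiers before they reach mogrify. The function names are hypothetical, the banners are constructed, and the banner layout ("Version: ImageMagick X.Y.Z-P ...", as printed by magick -version) is an assumption.

```python
import re

# Fixed releases named in the advisory text, keyed by major version.
FIXED = {7: (7, 1, 2, 0), 6: (6, 9, 13, 26)}

_VERSION_RE = re.compile(r"ImageMagick (\d+)\.(\d+)\.(\d+)-(\d+)")
# Two or more adjacent %d specifiers, each with an optional width (e.g. %03d).
# Conservative screen: it does not try to interpret "%%" escapes.
_CONSECUTIVE_D = re.compile(r"(?:%\d*d){2,}")


def parse_version(banner):
    """Extract (major, minor, patch, release) from a version banner."""
    m = _VERSION_RE.search(banner)
    if not m:
        raise ValueError("no ImageMagick version found in banner")
    return tuple(int(g) for g in m.groups())


def is_affected(banner):
    """True if the version predates the fixed release for its branch."""
    version = parse_version(banner)
    fixed = FIXED.get(version[0])
    if fixed is None:
        # Branch not covered by the advisory: report unknown, never "safe".
        raise ValueError(f"unrecognised major version {version[0]}")
    return version < fixed


def has_consecutive_d(template):
    """True if a filename template contains adjacent %d specifiers."""
    return bool(_CONSECUTIVE_D.search(template))


if __name__ == "__main__":
    # Constructed sample banners and templates, not captured output.
    for banner in ("Version: ImageMagick 7.1.1-47 Q16-HDRI x86_64",
                   "Version: ImageMagick 6.9.13-26 Q16 x86_64"):
        print(banner, "->", "affected" if is_affected(banner) else "fixed")
    for template in ("frame-%03d.png", "frame-%d%d.png"):
        verdict = "reject" if has_consecutive_d(template) else "allow"
        print(template, "->", verdict)
```

The template screen is a stopgap for hosts that cannot be upgraded yet; the fix is to move to 7.1.2-0 or 6.9.13-26.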

Affected Version(s)

ImageMagick < 7.1.2-0

ImageMagick < 6.9.13-26

CVSS V3.1

Score: 7.4
Severity: HIGH
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
