Stack Overflow Vulnerability in ImageMagick Software by ImageMagick Developers
CVE-2025-53101

7.4 HIGH

Key Information:

Vendor:
ImageMagick Developers
CVE Published:
14 July 2025

What is CVE-2025-53101?

CVE-2025-53101 is a high-severity (CVSS 7.4) vulnerability in ImageMagick, the free and open-source suite for creating, editing and converting digital images. It affects ImageMagick 7.x before 7.1.2-0 and ImageMagick 6.x before 6.9.13-26. The flaw is in the expansion of output filename templates by the magick mogrify command: when a template contains multiple consecutive %d format specifiers, flawed internal pointer arithmetic computes a write address beyond the end of a fixed-size stack buffer, producing a stack buffer overflow. Wherever untrusted input can influence the filename template handed to mogrify (for example, a web application that passes user-supplied names or numbering patterns through to ImageMagick), an attacker can use the overflow to crash the process or, with more effort, corrupt stack memory and potentially achieve arbitrary code execution, compromising the integrity and availability of the affected system.
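The following is an added illustrative example written for this page; it is not ImageMagick's code and makes no claim about how InterpretImageFilename or mogrify is implemented internally. It models a filename-template expander for the syntax the advisory concerns (%d, %o, %x, optional zero-padded widths such as %03d, and %% for a literal percent sign) and shows the bounds check that prevents this class of bug: every write into the fixed-size output buffer is measured against the remaining space before the write position advances, so a template such as the constructed sample "frame%d%d%d%d.png" is rejected when it does not fit rather than overrunning the buffer. The buffer sizes, template and sample value are assumptions chosen for the demonstration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * Illustrative model of a filename-template expander, written for this
 * page; it is NOT ImageMagick's InterpretImageFilename and makes no claim
 * about that function's internals.  It supports %d, %o and %x (optionally
 * zero-padded, e.g. %03d) and "%%" for a literal percent sign.  Every
 * write into the fixed-size output buffer is bounds-checked first, so a
 * template with many consecutive %d specifiers is rejected instead of
 * overrunning `out`.
 *
 * Returns the number of bytes written (excluding the NUL terminator),
 * or -1 if the template is malformed or the expansion does not fit.
 */
int expand_filename_template(const char *tmpl, int value,
                             char *out, size_t outsize)
{
    size_t used = 0;          /* bytes of `out` consumed so far */
    const char *p = tmpl;

    if (out == NULL || tmpl == NULL || outsize == 0)
        return -1;

    while (*p != '\0') {
        if (*p != '%') {
            /* literal byte: need room for it plus the trailing NUL */
            if (used + 1 >= outsize)
                return -1;
            out[used++] = *p++;
            continue;
        }
        p++;                                   /* step past '%' */
        if (*p == '%') {                       /* "%%" -> literal '%' */
            if (used + 1 >= outsize)
                return -1;
            out[used++] = '%';
            p++;
            continue;
        }

        /* optional zero-padded field width, e.g. the 3 in %03d */
        int width = 0;
        if (*p == '0') {
            char *end;
            long w = strtol(p, &end, 10);
            if (w < 0 || w > 64)               /* refuse absurd widths */
                return -1;
            width = (int)w;
            p = end;
        }

        char spec[8];                          /* e.g. "%d" or "%03x" */
        switch (*p) {
        case 'd': case 'o': case 'x':
            if (width > 0)
                snprintf(spec, sizeof spec, "%%0%d%c", width, *p);
            else
                snprintf(spec, sizeof spec, "%%%c", *p);
            break;
        default:
            return -1;                         /* unsupported or truncated */
        }
        p++;

        /*
         * Measure the rendered number BEFORE advancing the write position.
         * An expander that advances its pointer by the expected length of
         * each specifier without re-checking the remaining space is the
         * shape of bug that lets "%d%d%d%d..." walk past the buffer.
         */
        int need = snprintf(NULL, 0, spec, value);
        if (need < 0 || (size_t)need >= outsize - used)
            return -1;
        snprintf(out + used, outsize - used, spec, value);
        used += (size_t)need;
    }
    out[used] = '\0';
    return (int)used;
}

int main(void)
{
    char name[16];                               /* deliberately small */
    const char *tmpl = "frame%d%d%d%d.png";      /* constructed sample */

    /* "frame" + four copies of "12" + ".png" needs 17 bytes + NUL: rejected */
    int n = expand_filename_template(tmpl, 12, name, sizeof name);
    printf("16-byte buffer: %s\n", n < 0 ? "rejected (would overflow)" : name);

    char big[64];
    n = expand_filename_template(tmpl, 12, big, sizeof big);
    printf("64-byte buffer: %s (%d bytes)\n", big, n);
    return 0;
}
```

The design point is that the space check happens per specifier, after the formatted length is known (snprintf with a NULL buffer returns it without writing anything), so the number of consecutive specifiers in the template never matters: the expansion either fits or is refused with -1.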

Potential Impact of CVE-2025-53101

  1. Arbitrary Code Execution: A stack buffer overflow is a memory-corruption primitive. An attacker who can control the filename template could use it to execute code in the context of the process running ImageMagick (often a web or batch-processing server), leading to unauthorized access to and manipulation of the data that process can reach.

  2. Denial of Service (DoS): Even without a reliable code-execution path, triggering the overflow crashes the process, disrupting image-processing services and causing downtime for organizations that rely on ImageMagick for critical image handling tasks.

  3. Data Integrity Risks: Once the stack has been corrupted, output files written by the affected process can no longer be trusted, and an attacker who gains code execution can alter or replace any files the process has write access to, undermining the integrity of the digital assets managed by affected organizations.

Affected Version(s)

ImageMagick 7.x < 7.1.2-0 (fixed in 7.1.2-0)

ImageMagick 6.x < 6.9.13-26 (fixed in 6.9.13-26)

To check an installation, run magick -version (ImageMagick 7) or convert -version (ImageMagick 6) and compare the reported version against the fixed releases above. Distribution packages may carry a backported fix under an older version string, so consult the distribution's own advisory where one exists.

CVSS V3.1

Score:
7.4
Severity:
HIGH
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published: 14 July 2025

  • Vulnerability reserved