Heap-Buffer Overflow Vulnerability in ImageMagick Software
CVE-2025-55004

7.6HIGH

Key Information:

Vendor: Imagemagick
Status: Imagemagick
Vendor: CVE Published:; 13 August 2025

🔔 Create Imagemagick Vulnerability Alert

What is CVE-2025-55004?

ImageMagick, an open-source software used for manipulating digital images, contains a vulnerability related to heap-buffer overflow in the handling of images with separate alpha channels during the magnification process in ReadOneMNGIMage. This flaw allows potential attackers to leak sensitive memory contents into the output image. The issue affects all versions prior to 7.1.2-1, which includes a patch addressing this vulnerability.

Affected Version(s)

ImageMagick < 7.1.2-1

References

https://github.com/ImageMagick/ImageMagick/security/advis...

x_refsource_CONFIRM

https://goo.gle/bigsleep

x_refsource_MISC

CVSS V3.1

Score:

7.6

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 13, 2025
Vulnerability Reserved
Aug 4, 2025