Heap-Buffer Overflow Vulnerability in ImageMagick Software
CVE-2025-55004

4.3MEDIUM

Key Information:

Vendor: Imagemagick
Status: Imagemagick
Vendor: CVE Published:; 13 August 2025

🔔 Create Imagemagick Vulnerability Alert

What is CVE-2025-55004?

ImageMagick, an open-source software used for manipulating digital images, contains a vulnerability related to heap-buffer overflow in the handling of images with separate alpha channels during the magnification process in ReadOneMNGIMage. This flaw allows potential attackers to leak sensitive memory contents into the output image. The issue affects all versions prior to 7.1.2-1, which includes a patch addressing this vulnerability.

Affected Version(s)

ImageMagick < 7.1.2-1

References

https://github.com/ImageMagick/ImageMagick/security/advis...

x_refsource_CONFIRM

https://goo.gle/bigsleep

x_refsource_MISC

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Aug 13, 2025
Vulnerability Reserved
Aug 4, 2025

JSON