Denial of Service Vulnerability in ImageMagick Affects Multiple Versions
CVE-2025-55212

3.7 LOW

Key Information:

Vendor
CVE Published:
26 August 2025

What is CVE-2025-55212?

A vulnerability in ImageMagick allows an attacker to crash the application by passing a geometry string containing only a colon (':') to the montage command. This causes the GetGeometry() function to set both the width and height to zero, leading to a crash when ThumbnailImage() attempts to operate with these invalid dimensions. The issue impacts users of versions prior to 6.9.13-28 and 7.1.2-2, and has been addressed in subsequent updates.

Affected Version(s)

ImageMagick < 7.1.2-2

ImageMagick < 6.9.13-28
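
To triage an inventory against the two fixed releases listed above, the following added example (not part of the original advisory or of ImageMagick itself) parses version banners and flags installs older than the fix for their branch. The host names and banner strings are constructed sample data, and the function names are hypothetical.

```python
import re

# Fixed releases named in the advisory: 6.9.13-28 (6.x) and 7.1.2-2 (7.x).
FIXED_6 = (6, 9, 13, 28)
FIXED_7 = (7, 1, 2, 2)

# ImageMagick versions have the form MAJOR.MINOR.PATCH-RELEASE, e.g. 7.1.2-2.
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)-(\d+)")


def parse_version(banner):
    """Extract (major, minor, patch, release) from a version string or banner."""
    match = _VERSION_RE.search(banner)
    if match is None:
        raise ValueError(f"no ImageMagick version found in {banner!r}")
    return tuple(int(part) for part in match.groups())


def is_affected(banner):
    """Return True if the version predates the fix for its branch."""
    version = parse_version(banner)
    # Versions on the 6.x line or older are compared with the 6.x fix,
    # everything newer with the 7.x fix. Comparison is numeric per field.
    fixed = FIXED_6 if version[0] <= 6 else FIXED_7
    return version < fixed


def triage(inventory):
    """Split hosts into (affected, needs_review) lists, both sorted by name."""
    affected, needs_review = [], []
    for host, banner in inventory.items():
        try:
            if is_affected(banner):
                affected.append(host)
        except ValueError:
            needs_review.append(host)  # banner missing or unparseable
    return sorted(affected), sorted(needs_review)


# Constructed sample inventory (first line of a version banner per host).
SAMPLE_INVENTORY = {
    "img-01": "Version: ImageMagick 7.1.2-1 Q16-HDRI x86_64",
    "img-02": "Version: ImageMagick 7.1.2-2 Q16-HDRI x86_64",
    "img-03": "Version: ImageMagick 6.9.13-27 Q16 x86_64",
    "img-04": "Version: ImageMagick 6.9.13-28 Q16 x86_64",
    "img-05": "convert: command not found",
}
```
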

References

CVSS V3.1

Score: 3.7
Severity: LOW
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
