Denial of Service Vulnerability in ImageMagick Affects Multiple Versions
CVE-2025-55212
3.7 LOW
What is CVE-2025-55212?
A vulnerability in ImageMagick allows an attacker to crash the application by passing a geometry string containing only a colon (':') to the montage command. This causes the GetGeometry() function to set both the width and height to zero, leading to a crash when ThumbnailImage() attempts to operate with these invalid dimensions. The issue impacts users of versions prior to 6.9.13-28 and 7.1.2-2, and has been addressed in subsequent updates.
Affected Version(s)
ImageMagick < 7.1.2-2
ImageMagick < 6.9.13-28
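An added example, not part of the original advisory or of ImageMagick's code: a Python check that reads an installed version string or `magick -version` banner and reports whether it predates the fixed releases listed above, plus a pre-filter for geometry arguments. All function names are hypothetical; treating versions older than the 6.x line as affected, treating later major lines as fixed, and rejecting any geometry without a digit are assumptions.

```python
import re

# Fixed releases per branch, taken from the advisory text above.
FIXED = {6: (6, 9, 13, 28), 7: (7, 1, 2, 2)}

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)-(\d+)")


def parse_version(text):
    """Extract (major, minor, patch, build) from a bare version string or
    from the 'Version: ImageMagick X.Y.Z-N ...' banner line."""
    m = _VERSION_RE.search(text)
    if m is None:
        raise ValueError(f"no ImageMagick version found in {text!r}")
    return tuple(int(part) for part in m.groups())


def is_affected(text):
    """True if the version predates the fix for its release branch."""
    version = parse_version(text)
    major = version[0]
    if major > 7:
        return False  # assumption: later major lines ship the fix
    # Assumption: anything older than the 6.x line is compared against the 6.x fix.
    return version < FIXED[7 if major == 7 else 6]


def is_degenerate_geometry(geometry):
    """Conservative pre-filter (assumption, not ImageMagick's parser):
    a geometry argument with no digit carries no size or offset,
    which covers the lone ':' described above."""
    return not any(ch.isdigit() for ch in geometry)


# Constructed sample banner, in the format printed by `magick -version`.
SAMPLE_BANNER = "Version: ImageMagick 7.1.1-47 Q16-HDRI x86_64 https://imagemagick.org"

if __name__ == "__main__":
    for sample in (SAMPLE_BANNER, "6.9.13-28", "7.1.2-2", "6.9.13-27"):
        print(sample, "->", "affected" if is_affected(sample) else "fixed")
    for geometry in (":", "128x128+4+4"):
        print(repr(geometry), "->", "reject" if is_degenerate_geometry(geometry) else "pass")
```

The geometry filter is meant for services that pass user-supplied geometry to montage and cannot upgrade immediately; upgrading to a fixed release remains the actual remedy.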
CVSS V3.1
Score: 3.7
Severity: LOW
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved