Integer Overflow Vulnerability in ImageMagick BMP Encoder
CVE-2025-57803

7.5HIGH

Key Information:

Vendor

Imagemagick
Status
Imagemagick
Vendor
CVE Published:
26 August 2025

What is CVE-2025-57803?

ImageMagick, a widely used open-source image editing suite, is affected by an integer overflow in the BMP encoder’s scanline-stride computation. This vulnerability, present in versions prior to 6.9.13-28 and 7.1.2-2, allows attackers to exploit a flaw that causes the bytes_per_line to collapse to a smaller value. Consequently, the first row of an image can write beyond its intended memory bounds, leading to potential heap corruption. This flaw compromises the integrity of memory operations during image manipulation, making it significant for users relying on ImageMagick for secure image processing.

Affected Version(s)

ImageMagick < 7.1.2-2 < 7.1.2-2

ImageMagick < 6.9.13-28 < 6.9.13-28

References

https://github.com/ImageMagick/ImageMagick/security/advis...
x_refsource_CONFIRM
https://github.com/ImageMagick/ImageMagick/commit/2c55221...
x_refsource_MISC
https://github.com/dlemstra/Magick.NET/releases/tag/14.8.1
x_refsource_MISC

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.