Memory Manipulation Vulnerability in ImageMagick from ImageMagick
CVE-2025-57807

3.8LOW

Key Information:

Vendor: Imagemagick
Status: Imagemagick
Vendor: CVE Published:; 5 September 2025

🔔 Create Imagemagick Vulnerability Alert

What is CVE-2025-57807?

ImageMagick, a widely used open-source software for image editing and manipulation, has a vulnerability present in versions prior to 14.8.2. This vulnerability arises from the insecure handling of stream offsets by the functions SeekBlob() and WriteBlob(). Specifically, SeekBlob() allows modification of the stream offset beyond its current boundaries without proper capacity checks. Consequently, this enables an unsafe memory write operation, where data may be copied to memory locations outside of the allocated block when a certain offset is exceeded. This flaw may lead to unpredictable behavior, including potential exploitation through crafted images. Users are advised to update to version 14.8.2 or later to mitigate associated risks.

Affected Version(s)

ImageMagick < 14.8.2

References

https://github.com/ImageMagick/ImageMagick/security/advis...

x_refsource_CONFIRM

https://github.com/ImageMagick/ImageMagick/commit/077a417...

x_refsource_MISC

CVSS V3.1

Score:

3.8

Severity:

LOW

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

High

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 5, 2025
Vulnerability Reserved
Aug 20, 2025