Integer Overflow Vulnerability in ImageMagick Affecting 32-bit Systems
CVE-2025-62171

5.9 MEDIUM

Key Information:

Vendor
CVE Published: 17 October 2025

What is CVE-2025-62171?

An integer overflow in ImageMagick's BMP decoder allows a specially crafted BMP file to trigger an incorrect memory-size calculation on 32-bit systems. When large image dimensions are processed, the computation of bytes per line can overflow, potentially leading to unexpected behavior or denial of service. The issue stems from insufficient checks in the BMP decoder and affects only 32-bit builds in which the resource limits for image dimensions have been manually raised. Users are advised to upgrade to the fixed versions 7.1.2-7 or 6.9.13-32.
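The following is an added example, not code from ImageMagick, illustrating the class of defect described above from a defender's side: a BMP row-size calculation performed in 32-bit arithmetic, once unchecked (so it silently wraps for large dimensions) and once with the overflow checks a hardened decoder should carry. It assumes the standard BMP row formula (rows padded to 4 bytes, so bytes per line = ((width * bits-per-pixel + 31) / 32) * 4) and models a 32-bit size_t with uint32_t so the wrap-around reproduces on any host; the function names and sample dimensions are the example's own.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Example code, not ImageMagick's. uint32_t stands in for a 32-bit size_t so
 * the wrap-around is reproducible regardless of the host's pointer width.
 * BMP rows are padded to a 4-byte boundary:
 *   bytes_per_line = ((width * bpp + 31) / 32) * 4 */

/* Unchecked computation: width * bpp wraps once it exceeds 2^32 - 1, and the
 * decoder then believes each row is far smaller than it really is. */
uint32_t bytes_per_line_unchecked(uint32_t width, uint32_t bpp)
{
    uint32_t bits = width * bpp;        /* may wrap */
    return ((bits + 31) / 32) * 4;      /* may wrap again */
}

/* Checked computation: every intermediate is bounded before it is used.
 * Returns false (and leaves *out untouched) on any overflow or bad input. */
bool bytes_per_line_checked(uint32_t width, uint32_t bpp, uint32_t *out)
{
    if (width == 0 || bpp == 0 || bpp > 32)
        return false;
    /* width * bpp + 31 must fit in 32 bits */
    if (width > (UINT32_MAX - 31) / bpp)
        return false;
    uint32_t words = (width * bpp + 31) / 32;
    /* words * 4 must fit in 32 bits */
    if (words > UINT32_MAX / 4)
        return false;
    *out = words * 4;
    return true;
}

/* Whole-image size, also bounded: height * bytes_per_line must fit. */
bool image_bytes_checked(uint32_t width, uint32_t height, uint32_t bpp,
                         uint32_t *out)
{
    uint32_t bpl;
    if (height == 0 || !bytes_per_line_checked(width, bpp, &bpl))
        return false;
    if (bpl > UINT32_MAX / height)
        return false;
    *out = bpl * height;
    return true;
}

/* Convenience wrappers: 0 means "rejected" (a valid result is never 0 because
 * width, bpp and height are all required to be non-zero). */
uint32_t bytes_per_line_or_zero(uint32_t width, uint32_t bpp)
{
    uint32_t v;
    return bytes_per_line_checked(width, bpp, &v) ? v : 0;
}

uint32_t image_bytes_or_zero(uint32_t width, uint32_t height, uint32_t bpp)
{
    uint32_t v;
    return image_bytes_checked(width, height, bpp, &v) ? v : 0;
}

int main(void)
{
    /* Constructed sample dimensions: a normal image and an oversized one. */
    uint32_t normal_w = 1024, huge_w = 200000000u, bpp = 32;
    printf("1024 px @32bpp: unchecked=%u checked=%u\n",
           bytes_per_line_unchecked(normal_w, bpp),
           bytes_per_line_or_zero(normal_w, bpp));
    printf("2e8 px @32bpp:  unchecked=%u checked=%u (0 = rejected)\n",
           bytes_per_line_unchecked(huge_w, bpp),
           bytes_per_line_or_zero(huge_w, bpp));
    return 0;
}
```

For the oversized row the unchecked function returns a plausible-looking but wrong value (about 263 MB for a row that really needs 800 MB), which is exactly the kind of undersized allocation the advisory warns about; the checked version refuses the image instead. The same pattern applies to the resource limit the advisory mentions: the limit on image dimensions is what normally keeps width and height small enough for this arithmetic to be safe, so raising it on a 32-bit build removes the only guard the unchecked code had.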

Affected Version(s)

ImageMagick < 6.9.13-32

ImageMagick >= 7.0.0-0, < 7.1.2-7

References

CVSS V3.1

Score: 5.9
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved