Denial of Service in ImageMagick Software Suite
CVE-2025-62594
4.7 MEDIUM
What is CVE-2025-62594?
ImageMagick, a widely used software suite for creating, editing, and converting bitmap images, contains an unsigned integer underflow and a division-by-zero error in the CLAHEImage function. When the tile width or height is set to zero, these errors can lead to out-of-bounds memory access and a denial of service through crashes. The issue is fixed in version 7.1.2-8.
Affected Version(s)
ImageMagick < 7.1.2-8
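A way to triage hosts against the range above, as an added example that is not part of the original advisory or of ImageMagick: it parses the version token from `magick -version` output and compares it numerically with the fixed release 7.1.2-8. The host names and banner lines are constructed sample data, and the function names are hypothetical.

```python
import re

# Fixed release stated on this page; anything lower is treated as affected.
FIXED = (7, 1, 2, 8)

# Version token as printed by `magick -version`, e.g. "ImageMagick 7.1.2-7".
_VERSION_RE = re.compile(r"ImageMagick\s+(\d+)\.(\d+)\.(\d+)-(\d+)")


def parse_version(banner):
    """Return (major, minor, micro, patch) from a version banner, or None."""
    m = _VERSION_RE.search(banner)
    return tuple(int(g) for g in m.groups()) if m else None


def classify(banner):
    """Classify one banner as 'affected', 'fixed' or 'unknown'."""
    version = parse_version(banner)
    if version is None:
        return "unknown"  # never assume safe when the banner cannot be parsed
    # Tuple comparison is numeric, so 7.1.2-10 sorts after 7.1.2-8
    # (a plain string comparison would get this wrong).
    return "affected" if version < FIXED else "fixed"


def triage(inventory):
    """Map host name -> classification for a {host: banner} inventory."""
    return {host: classify(banner) for host, banner in inventory.items()}


# Constructed sample inventory (hosts and banners are made up for illustration).
SAMPLE = {
    "img-worker-01": "Version: ImageMagick 7.1.2-7 Q16-HDRI x86_64 https://imagemagick.org",
    "img-worker-02": "Version: ImageMagick 7.1.2-8 Q16-HDRI x86_64 https://imagemagick.org",
    "img-worker-03": "Version: ImageMagick 7.1.2-10 Q16-HDRI x86_64 https://imagemagick.org",
    "thumbs-01": "magick: command not found",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE).items()):
        print(f"{host}: {status}")
```

Hosts reported as `unknown` need a manual check, since a missing or wrapped binary says nothing about libraries bundled elsewhere on the system.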
CVSS V3.1
Score: 4.7
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Local
Attack Complexity: High
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved