CVE-2025-55298
- Source
- https://cve.org/CVERecord?id=CVE-2025-55298
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-55298.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-55298
- Aliases
- Downstream
- Related
- Published
- 2025-08-26T17:20:17.112Z
- Modified
- 2026-03-02T01:40:54.117270Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- ImageMagick Format String Bug in InterpretImageFilename leads to arbitrary code execution
- Details
-
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to ImageMagick versions 6.9.13-28 and 7.1.2-2, a format string bug vulnerability exists in InterpretImageFilename function where user input is directly passed to FormatLocaleString without proper sanitization. An attacker can overwrite arbitrary memory regions, enabling a wide range of attacks from heap overflow to remote code execution. This issue has been patched in versions 6.9.13-28 and 7.1.2-2.
- Database specific
{ "cwe_ids": [ "CWE-123", "CWE-134" ], "cna_assigner": "GitHub_M", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/55xxx/CVE-2025-55298.json" }- References
-
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/55xxx/CVE-2025-55298.json
- https://github.com/ImageMagick/ImageMagick/commit/439b362b93c074eea6c3f834d84982b43ef057d5
- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-9ccg-6pjw-x645
- https://github.com/dlemstra/Magick.NET/releases/tag/14.8.1
- https://lists.debian.org/debian-lts-announce/2025/09/msg00012.html
- https://nvd.nist.gov/vuln/detail/CVE-2025-55298
Affected packages
Git / github.com/dlemstra/magick.net
Affected ranges
- Type
- GIT
- Repo
- https://github.com/dlemstra/magick.net
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
10.*
10.0.0
10.1.0
11.*
11.0.0
11.1.0
11.1.1
11.1.2
11.2.0
11.2.1
11.3.0
12.*
12.0.0
12.0.1
12.1.0
12.2.0
12.2.1
12.2.2
12.3.0
13.*
13.0.0
13.0.1
13.1.0
13.1.1
13.1.2
13.1.3
13.10.0
13.2.0
13.3.0
13.4.0
13.5.0
13.6.0
13.7.0
13.8.0
13.9.0
13.9.1
14.*
14.0.0
14.1.0
14.2.0
14.3.0
14.4.0
14.5.0
14.6.0
14.7.0
14.8.0
6.*
6.8.5.1001
6.8.5.401
6.8.5.402
6.8.6.301
6.8.6.601
6.8.6.801
6.8.7.1
6.8.7.101
6.8.7.501
6.8.7.502
6.8.7.901
6.8.8.1001
6.8.8.201
6.8.8.501
6.8.8.701
6.8.8.801
6.8.8.901
6.8.9.1
6.8.9.101
6.8.9.2
6.8.9.401
6.8.9.501
6.8.9.601
7.*
7.0.0.1
7.0.0.10
7.0.0.101
7.0.0.102
7.0.0.103
7.0.0.104
7.0.0.11
7.0.0.12
7.0.0.13
7.0.0.14
7.0.0.15
7.0.0.16
7.0.0.17
7.0.0.18
7.0.0.19
7.0.0.2
7.0.0.20
7.0.0.21
7.0.0.22
7.0.0.3
7.0.0.5
7.0.0.6
7.0.0.7
7.0.0.8
7.0.0.9
7.0.1.0
7.0.1.100
7.0.1.101
7.0.1.500
7.0.2.100
7.0.2.400
7.0.2.600
7.0.2.900
7.0.2.901
7.0.2.902
7.0.3.0
7.0.3.1
7.0.3.300
7.0.3.500
7.0.3.501
7.0.3.502
7.0.3.901
7.0.3.902
7.0.4.100
7.0.4.400
7.0.4.700
7.0.4.701
7.0.5.500
7.0.5.501
7.0.5.502
7.0.5.800
7.0.5.900
7.0.6.0
7.0.6.100
7.0.6.1000
7.0.6.1001
7.0.6.1002
7.0.6.101
7.0.6.102
7.0.6.600
7.0.6.601
7.0.7.0
7.0.7.300
7.0.7.700
7.0.7.900
7.1.0.0
7.10.0.0
7.10.1.0
7.10.2.0
7.11.0.0
7.11.1.0
7.12.0.0
7.13.0.0
7.13.1.0
7.14.0.0
7.14.0.1
7.14.0.2
7.14.0.3
7.14.1.0
7.14.2.0
7.14.3.0
7.14.4.0
7.14.5.0
7.15.0.0
7.15.0.1
7.15.1.0
7.15.2.0
7.15.3.0
7.15.4.0
7.15.5.0
7.16.0.0
7.16.1.0
7.17.0.0
7.17.0.1
7.18.0.0
7.19.0.0
7.19.0.1
7.2.0.0
7.2.1.0
7.20.0.0
7.20.0.1
7.21.0.0
7.21.1.0
7.22.0.0
7.22.1.0
7.22.2.0
7.22.2.1
7.22.2.2
7.22.3.0
7.23.0.0
7.23.1.0
7.23.2.0
7.23.2.1
7.23.3.0
7.23.4.0
7.24.0.0
7.24.1.0
7.3.0.0
7.4.0.0
7.4.1.0
7.4.2.0
7.4.3.0
7.4.4.0
7.4.5.0
7.4.6.0
7.5.0.0
7.5.0.1
7.6.0.0
7.6.0.1
7.7.0.0
7.8.0.0
7.9.0.0
7.9.0.1
7.9.0.2
7.9.1.0
7.9.2.0
8.*
8.0.0
8.0.1
8.1.0
8.2.0
8.2.1
8.3.0
8.3.1
8.3.2
8.3.3
8.4.0
8.5.0
8.6.0
8.6.1
9.*
9.0.0
9.1.0
9.1.1
9.1.2
Git / github.com/imagemagick/imagemagick
Affected ranges
- Type
- GIT
- Repo
- https://github.com/imagemagick/imagemagick
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedIntroduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
7.*
7.0.1-0
7.0.1-1
7.0.1-10
7.0.1-2
7.0.1-3
7.0.1-4
7.0.1-5
7.0.1-6
7.0.1-7
7.0.1-8
7.0.1-9
7.0.10-0
7.0.10-1
7.0.10-10
7.0.10-11
7.0.10-12
7.0.10-13
7.0.10-14
7.0.10-15
7.0.10-16
7.0.10-17
7.0.10-18
7.0.10-19
7.0.10-2
7.0.10-20
7.0.10-21
7.0.10-22
7.0.10-23
7.0.10-24
7.0.10-25
7.0.10-26
7.0.10-27
7.0.10-28
7.0.10-29
7.0.10-3
7.0.10-30
7.0.10-31
7.0.10-32
7.0.10-33
7.0.10-34
7.0.10-35
7.0.10-36
7.0.10-37
7.0.10-38
7.0.10-39
7.0.10-4
7.0.10-40
7.0.10-41
7.0.10-42
7.0.10-43
7.0.10-44
7.0.10-45
7.0.10-46
7.0.10-47
7.0.10-48
7.0.10-49
7.0.10-5
7.0.10-50
7.0.10-51
7.0.10-52
7.0.10-53
7.0.10-54
7.0.10-55
7.0.10-56
7.0.10-57
7.0.10-58
7.0.10-59
7.0.10-6
7.0.10-60
7.0.10-61
7.0.10-62
7.0.10-7
7.0.10-8
7.0.10-9
7.0.11-0
7.0.11-1
7.0.11-10
7.0.11-11
7.0.11-12
7.0.11-13
7.0.11-14
7.0.11-2
7.0.11-3
7.0.11-4
7.0.11-5
7.0.11-6
7.0.11-7
7.0.11-8
7.0.11-9
7.0.2-0
7.0.2-1
7.0.2-10
7.0.2-2
7.0.2-3
7.0.2-4
7.0.2-5
7.0.2-6
7.0.2-7
7.0.2-8
7.0.2-9
7.0.3-0
7.0.3-1
7.0.3-10
7.0.3-2
7.0.3-3
7.0.3-4
7.0.3-5
7.0.3-6
7.0.3-7
7.0.3-8
7.0.3-9
7.0.4-0
7.0.4-1
7.0.4-10
7.0.4-2
7.0.4-3
7.0.4-4
7.0.4-5
7.0.4-6
7.0.4-7
7.0.4-8
7.0.4-9
7.0.5-0
7.0.5-1
7.0.5-10
7.0.5-2
7.0.5-3
7.0.5-4
7.0.5-5
7.0.5-6
7.0.5-7
7.0.5-8
7.0.5-9
7.0.6-0
7.0.6-1
7.0.6-2
7.0.6-3
7.0.6-4
7.0.6-5
7.0.6-6
7.0.6-7
7.0.6-8
7.0.6-9
7.0.7-0
7.0.7-1
7.0.7-10
7.0.7-11
7.0.7-12
7.0.7-13
7.0.7-14
7.0.7-15
7.0.7-16
7.0.7-17
7.0.7-18
7.0.7-19
7.0.7-2
7.0.7-20
7.0.7-21
7.0.7-22
7.0.7-23
7.0.7-24
7.0.7-25
7.0.7-26
7.0.7-27
7.0.7-28
7.0.7-29
7.0.7-3
7.0.7-30
7.0.7-31
7.0.7-32
7.0.7-33
7.0.7-34
7.0.7-35
7.0.7-36
7.0.7-37
7.0.7-38
7.0.7-39
7.0.7-4
7.0.7-5
7.0.7-6
7.0.7-8
7.0.7-9
7.0.7.7
7.0.8-0
7.0.8-1
7.0.8-10
7.0.8-11
7.0.8-12
7.0.8-13
7.0.8-14
7.0.8-15
7.0.8-16
7.0.8-17
7.0.8-18
7.0.8-19
7.0.8-2
7.0.8-20
7.0.8-21
7.0.8-22
7.0.8-23
7.0.8-24
7.0.8-25
7.0.8-26
7.0.8-27
7.0.8-28
7.0.8-29
7.0.8-3
7.0.8-30
7.0.8-31
7.0.8-32
7.0.8-33
7.0.8-34
7.0.8-35
7.0.8-36
7.0.8-37
7.0.8-38
7.0.8-39
7.0.8-4
7.0.8-40
7.0.8-41
7.0.8-42
7.0.8-43
7.0.8-44
7.0.8-45
7.0.8-46
7.0.8-47
7.0.8-48
7.0.8-49
7.0.8-5
7.0.8-50
7.0.8-51
7.0.8-52
7.0.8-53
7.0.8-54
7.0.8-55
7.0.8-56
7.0.8-57
7.0.8-58
7.0.8-59
7.0.8-6
7.0.8-60
7.0.8-61
7.0.8-62
7.0.8-63
7.0.8-64
7.0.8-65
7.0.8-66
7.0.8-67
7.0.8-68
7.0.8-7
7.0.8-8
7.0.8-9
7.0.9-0
7.0.9-1
7.0.9-10
7.0.9-11
7.0.9-12
7.0.9-13
7.0.9-14
7.0.9-15
7.0.9-16
7.0.9-17
7.0.9-18
7.0.9-19
7.0.9-2
7.0.9-20
7.0.9-21
7.0.9-22
7.0.9-23
7.0.9-24
7.0.9-25
7.0.9-26
7.0.9-27
7.0.9-4
7.0.9-5
7.0.9-6
7.0.9-7
7.0.9-8
7.0.9-9
7.1.0-0
7.1.0-1
7.1.0-10
7.1.0-11
7.1.0-12
7.1.0-13
7.1.0-14
7.1.0-15
7.1.0-16
7.1.0-17
7.1.0-18
7.1.0-19
7.1.0-2
7.1.0-20
7.1.0-21
7.1.0-22
7.1.0-23
7.1.0-24
7.1.0-25
7.1.0-26
7.1.0-27
7.1.0-28
7.1.0-29
7.1.0-3
7.1.0-30
7.1.0-31
7.1.0-32
7.1.0-33
7.1.0-34
7.1.0-35
7.1.0-36
7.1.0-37
7.1.0-38
7.1.0-39
7.1.0-4
7.1.0-40
7.1.0-41
7.1.0-42
7.1.0-43
7.1.0-44
7.1.0-45
7.1.0-46
7.1.0-47
7.1.0-48
7.1.0-49
7.1.0-5
7.1.0-50
7.1.0-51
7.1.0-52
7.1.0-53
7.1.0-54
7.1.0-55
7.1.0-56
7.1.0-57
7.1.0-58
7.1.0-59
7.1.0-6
7.1.0-60
7.1.0-61
7.1.0-62
7.1.0-7
7.1.0-8
7.1.0-9
7.1.1-0
7.1.1-1
7.1.1-10
7.1.1-11
7.1.1-12
7.1.1-13
7.1.1-14
7.1.1-15
7.1.1-16
7.1.1-17
7.1.1-18
7.1.1-19
7.1.1-2
7.1.1-20
7.1.1-21
7.1.1-22
7.1.1-23
7.1.1-24
7.1.1-25
7.1.1-26
7.1.1-27
7.1.1-28
7.1.1-29
7.1.1-3
7.1.1-30
7.1.1-31
7.1.1-32
7.1.1-33
7.1.1-34
7.1.1-35
7.1.1-36
7.1.1-37
7.1.1-38
7.1.1-39
7.1.1-4
7.1.1-40
7.1.1-41
7.1.1-43
7.1.1-44
7.1.1-45
7.1.1-46
7.1.1-47
7.1.1-5
7.1.1-6
7.1.1-7
7.1.1-8
7.1.1-9
7.1.2-0
7.1.2-1
Database specific
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-55298.json"
vanir_signatures
[
{
"id": "CVE-2025-55298-08dad9bb",
"digest": {
"length": 2423.0,
"function_hash": "203154114098319073765007390346548498804"
},
"signature_type": "Function",
"target": {
"file": "MagickCore/image.c",
"function": "InterpretImageFilename"
},
"signature_version": "v1",
"source": "https://github.com/imagemagick/imagemagick/commit/439b362b93c074eea6c3f834d84982b43ef057d5",
"deprecated": false
},
{
"id": "CVE-2025-55298-09d83caf",
"digest": {
"threshold": 0.9,
"line_hashes": [
"10685655258371385588661223041628302753",
"165249012698808506757867210299884443055",
"228917513246707470161278283225314070369",
"231168465612498823660345252192325607681",
"191485976778451351382884515004693640899",
"328452766036847001217609598595900066706",
"104447800950460882489077283834908456767",
"329070562278624302075887385494851604193",
"302436216128789544317192868591633147498",
"274519963126580738959121888341165216784",
"269839394030102788539093188160524678928",
"293400200304377958609532663108228563914",
"309284435881448524748999297520503269346",
"61925192225354002048292956442629208851",
"161111711136754256008707988400435195442",
"277096490399429866268414842524802227231",
"82796436621892934938547198895836131315",
"114337781389225092914527295667223887406",
"195689729879822317671341471881502643147",
"232794369188494762240221134477848341335",
"121610347989828653879317732780689828507",
"232605881279803764549739787935247886221",
"318873579762505949567354053291632308185",
"49928733467883672417777030264357217310",
"233389062052025913285300290461209499248",
"94467147304143934912237817628683459297",
"272347408597850055113336959753876131037",
"333233224521551534823341905894629394374",
"234112578658270638032522555580953644686",
"162672433488937781574916520812072502229",
"224982012705247283348512755278933127877",
"336152882870932446217722843394229503097",
"113290311430929485380998411820248508765",
"88893928230435992172129278644822699301",
"332632962303422922735602590556850293271",
"83555987299288769253890963744924856612",
"238940949499957487069868710051676296176",
"179830239918284678765207353055852447760",
"111845807964777979276578145328413032882",
"181553584423926593773808290327713886186",
"298891184779583866152316502184433549430",
"114498579428457686773461344776518085948",
"270215130762096039238643349977121455753",
"280236783309850278892845295964184740120",
"289227467936286125463385325586214481146",
"16030432218638950051374585290755262023",
"210170548016361832190339019507905916792",
"257911366694643431765678820581884652968",
"329328731625747359127105977312048158029",
"93613665007146220277797090887952046046",
"208962213676047377988011100634149772341",
"69002963655560804576275599451362627805",
"63454920158817206346738749975636965757",
"196080570755634391010861913444436058161",
"90402833192047306060477032242433275025",
"209743958554029297140103065069315498208",
"231661560737349050766778878718441217557",
"116055422195470080492810059705005291133",
"49747642820979422459471799281992700554",
"135700419408385626370919290768911238552",
"226756071717463861506358553495950022111",
"100042897138627337089445109707073678741",
"241368559078953933333987241934309301500",
"50927914678320344661834888481574890559",
"34358810873806419238145786986753700434",
"309272842558291299095497921348116710667",
"194524200121631183662008790296015120271",
"66310617184931960129086427477585253019",
"99131021540687986140545008592750036962",
"274737027736776292890597166609437248259",
"314742740126216660066539094374200240804",
"240483324085092040524395091162275987982",
"16716414859034691463708907597123464241",
"95615303596591420190568024993918645655",
"62453711722249355645534784361617930926",
"2732988362602123626655476943136096984",
"104450956965347761698150331578860493414",
"322131269490544373764809193201774449134",
"273405979659155056819344592237119998492",
"24390314602587881609841003858269250860",
"220101386331450559128026392960207389661",
"212843253024583470735182887380292076842",
"141408461582857368256841244438402275316",
"100001212235413480145373906268083650995",
"175628342850646747368778567677715821011",
"296351638369045675136798393346473724622",
"64420379868364543443584885723300842670",
"195671012115485235330096357009401784944",
"280036140090352577663282194096768512559",
"102694889311625904344056814836805635875",
"142884485101953350324616234290612030747",
"296532575451065619650002394258596285435",
"148132814082934705578808663362643181367",
"122070763850071826873767642565411690312",
"335973733795751322178344108957329464182",
"303463998793085017798314941888372933766",
"262700240016536891643127063421288536240",
"61276533365509694592740232564375844692",
"98420655211575937807466119042886866034",
"168291878923929040908955000597105304266",
"230253159622844319694996473208373025892",
"12038744923771033022223912302583387801",
"334394797854294428247179538241373546302",
"16005707821783007815482866254495297126",
"39302910621898167293865526273311332327",
"163365333947463192760216260292028193514",
"294499242268042958011862729104185851022",
"214850724187710280178872017591142505081",
"6688793479999963539472509205045129458",
"48809543901561610867071255703137649541",
"209286806121175417454138733431696180278",
"33476512551336690388166244326428808258",
"329071754932201752948128431804203897654",
"30974731805641867153134254009665804742",
"180500052790162488998498765577603879116",
"190712101947725989466171400816972587764"
]
},
"signature_type": "Line",
"target": {
"file": "MagickCore/image.c"
},
"signature_version": "v1",
"source": "https://github.com/imagemagick/imagemagick/commit/439b362b93c074eea6c3f834d84982b43ef057d5",
"deprecated": false
},
{
"id": "CVE-2025-55298-991823b5",
"digest": {
"length": 365.0,
"function_hash": "201479786465063284992666366636988957097"
},
"signature_type": "Function",
"target": {
"file": "MagickCore/image.c",
"function": "PercentNInvalidOperation"
},
"signature_version": "v1",
"source": "https://github.com/imagemagick/imagemagick/commit/439b362b93c074eea6c3f834d84982b43ef057d5",
"deprecated": false
}
]