DEBIAN-CVE-2025-55004

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/CVE-2025-55004

Import Source

https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2025-55004.json

JSON Data

https://api.osv.dev/v1/vulns/DEBIAN-CVE-2025-55004

Upstream

CVE-2025-55004

Published

2025-08-13T14:15:32Z

Modified

2025-09-30T05:20:38.292604Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N CVSS Calculator

Summary

[none]

Details

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-1, ImageMagick is vulnerable to heap-buffer overflow read around the handling of images with separate alpha channels when performing image magnification in ReadOneMNGIMage. This can likely be used to leak subsequent memory contents into the output image. This issue has been patched in version 7.1.2-1.

References

https://security-tracker.debian.org/tracker/CVE-2025-55004

Affected packages

Debian:13 / imagemagick

Package

Name: imagemagick
Purl: pkg:deb/debian/imagemagick?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

8:7.1.1.43+dfsg1-1+deb13u2

Affected versions

8:7.*

8:7.1.1.43+dfsg1-1

8:7.1.1.43+dfsg1-1+deb13u1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:14 / imagemagick

Package

Name: imagemagick
Purl: pkg:deb/debian/imagemagick?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

8:7.1.2.1+dfsg1-1

Affected versions

8:7.*

8:7.1.1.43+dfsg1-1

8:7.1.1.46+dfsg1-1

8:7.1.1.47+dfsg1-1

8:7.1.1.47+dfsg1-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}