OESA-2025-2193

Use ImageMagick to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats (over 200) including PNG, JPEG, GIF, HEIC, TIFF, DPX, EXR, WebP, Postscript, PDF, and SVG. Use ImageMagick to resize, flip, mirror, rotate, distort, shear and transform images, adjust image colors, apply various special effects, or draw text, lines, polygons, ellipses and Bézier curves.

Security Fix(es):

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-1, ImageMagick is vulnerable to heap-buffer overflow read around the handling of images with separate alpha channels when performing image magnification in ReadOneMNGIMage. This can likely be used to leak subsequent memory contents into the output image. This issue has been patched in version 7.1.2-1.(CVE-2025-55004)

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-1, when preparing to transform from Log to sRGB colorspaces, the logmap construction fails to handle cases where the reference-black or reference-white value is larger than 1024. This leads to corrupting memory beyond the end of the allocated logmap buffer. This issue has been patched in version 7.1.2-1.(CVE-2025-55005)

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-27 and 7.1.2-1, the magnified size calculations in ReadOneMNGIMage (in coders/png.c) are unsafe and can overflow, leading to memory corruption. This issue has been patched in versions 6.9.13-27 and 7.1.2-1.(CVE-2025-55154)

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-27 and 7.1.2-1, there is undefined behavior (function-type-mismatch) in splay tree cloning callback. This results in a deterministic abort under UBSan (DoS in sanitizer builds), with no crash in a non-sanitized build. This issue has been patched in versions 6.9.13-27 and 7.1.2-1.(CVE-2025-55160)

A vulnerability classified as problematic was found in ImageMagick up to 6.9.13-27/7.1.2-1 (Image Processing Software).The manipulation of the argument width/height with an unknown input leads to a unknown weakness. The CWE definition for the vulnerability is CWE-369. The product divides a value by zero.As an impact it is known to affect availability.Upgrading to version 6.9.13-28 or 7.1.2-2 eliminates this vulnerability. The upgrade is hosted for download at github.com. Applying the patch 5f0bcf986b8b5e90567750d31a37af502b73f2af is able to eliminate this problem. The bugfix is ready for download at github.com. The best possible mitigation is suggested to be upgrading to the latest version.(CVE-2025-55212)

A vulnerability was found in ImageMagick up to 6.9.13-27/7.1.2-1 (Image Processing Software). It has been classified as critical.CWE is classifying the issue as CWE-123. Any condition where the attacker has the ability to write an arbitrary value to an arbitrary location, often as the result of a buffer overflow.This is going to have an impact on confidentiality, integrity, and availability.Upgrading to version 6.9.13-28 or 7.1.2-2 eliminates this vulnerability. The upgrade is hosted for download at github.com. Applying the patch 439b362b93c074eea6c3f834d84982b43ef057d5 is able to eliminate this problem. The bugfix is ready for download at github.com. The best possible mitigation is suggested to be upgrading to the latest version.(CVE-2025-55298)

A vulnerability was found in ImageMagick up to 6.9.13-27/7.1.2-1 on 32-bit (Image Processing Software). It has been rated as critical.Using CWE to declare the problem leads to CWE-122. A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().Impacted is confidentiality, integrity, and availability.Upgrading to version 6.9.13-28 or 7.1.2-2 eliminates this vulnerability. The upgrade is hosted for download at github.com. Applying the patch 2c55221f4d38193adcb51056c14cf238fbcc35d7 is able to eliminate this problem. The bugfix is ready for download at github.com. The best possible mitigation is suggested to be upgrading to the latest version.(CVE-2025-57803)