CVE-2025-46393 — Incorrect Calculation of Buffer Size in Imagemagick

CWE-131 — Incorrect Calculation of Buffer Size5 documents5 sources

Severity

5.3MEDIUMNVD

EPSS

0.2%

top 53.94%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Imagemagick Debian Imagemagick

Timeline

PublishedApr 23

Description

In multispectral MIFF image processing in ImageMagick before 7.1.1-44, packet_size is mishandled (related to the rendering of all channels in an arbitrary order).

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages3 packages

▶debiandebian/imagemagick< imagemagick 8:7.1.1.46+dfsg1-1 (forky)

▶NVDimagemagick/imagemagick< 7.1.1-44

▶Debianimagemagick/imagemagick< 8:7.1.1.43+dfsg1-1+deb13u1+1

Patches

Patch: github.com ↗

🔴Vulnerability Details

OSV

CVE-2025-46393: In multispectral MIFF image processing in ImageMagick before 7↗2025-04-23

▶

GHSA

GHSA-f57x-prr8-55vv: In multispectral MIFF image processing in ImageMagick before 7↗2025-04-23

▶

📋Vendor Advisories

Red Hat

ImageMagick: Incorrect Calculation of Buffer Size in ImageMagick's Multispectral MIFF Processing↗2025-04-23

▶

Debian

CVE-2025-46393: imagemagick - In multispectral MIFF image processing in ImageMagick before 7.1.1-44, packet_si...↗2025

▶