CVE-2025-53101Buffer Underflow in Imagemagick

CWE-124Buffer UnderflowCWE-908Use of Uninitialized Resource9 documents7 sources
Severity
9.8CRITICALNVD
EPSS
0.1%
top 70.08%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
ImagemagickDebian ImagemagickMsrc Azl3 Kernel 6.6.57.1-7 ON Azure Linux 3.0
Timeline
PublishedJul 14
Latest updateSep 1

Description

ImageMagick is free and open-source software used for editing and manipulating digital images. In versions prior to 7.1.2-0 and 6.9.13-26, in ImageMagick's `magick mogrify` command, specifying multiple consecutive `%d` format specifiers in a filename template causes internal pointer arithmetic to generate an address below the beginning of the stack buffer, resulting in a stack overflow through `vsnprintf()`. Versions 7.1.2-0 and 6.9.13-26 fix the issue.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages6 packages

debiandebian/imagemagick< imagemagick 8:6.9.11.60+dfsg-1.6+deb12u4 (bookworm)
CVEListV5imagemagick/imagemagick< 7.1.2-0
NVDimagemagick/imagemagick7.0.0-07.1.2-0+1
Debianimagemagick/imagemagick< 8:6.9.11.60+dfsg-1.3+deb11u6+3
Ubuntuimagemagick/imagemagick< 8:6.7.7.10-6ubuntu3.13+esm13+5

Patches

Patch: github.com

🔴Vulnerability Details

4
OSV
imagemagick vulnerabilities2025-09-01
OSV
ImageMagick has a Stack Buffer Overflow in image.c2025-08-25
GHSA
ImageMagick has a Stack Buffer Overflow in image.c2025-08-25
OSV
CVE-2025-53101: ImageMagick is free and open-source software used for editing and manipulating digital images2025-07-14

📋Vendor Advisories

4
Ubuntu
ImageMagick vulnerabilities2025-09-01
Red Hat
ImageMagick: ImageMagick Stack Buffer Overflow2025-07-14
Debian
CVE-2025-53101: imagemagick - ImageMagick is free and open-source software used for editing and manipulating d...2025
Microsoft
fs: Fix uninitialized value issue in from_kuid and from_kgid2024-11-12