CVE-2025-62171 — Integer Overflow or Wraparound in Imagemagick

CWE-190 — Integer Overflow or Wraparound7 documents6 sources

Severity

7.5HIGHNVD

GHSA8.8OSV8.8

EPSS

0.1%

top 77.61%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Imagemagick Debian Imagemagick

Timeline

PublishedOct 17

Latest updateNov 20

Description

ImageMagick is an open source software suite for displaying, converting, and editing raster image files. In ImageMagick versions prior to 7.1.2-7 and 6.9.13-32, an integer overflow vulnerability exists in the BMP decoder on 32-bit systems. The vulnerability occurs in coders/bmp.c when calculating the extent value by multiplying image columns by bits per pixel. On 32-bit systems with size_t of 4 bytes, a malicious BMP file with specific dimensions can cause this multiplication to overflow and wra…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶debiandebian/imagemagick< imagemagick 8:6.9.11.60+dfsg-1.6+deb12u5 (bookworm)

▶NVDimagemagick/imagemagick7.0.0-0 — 7.1.2-7+1

▶Debianimagemagick/imagemagick< 8:6.9.11.60+dfsg-1.3+deb11u7+3

Patches

Patch: github.com ↗

🔴Vulnerability Details

GHSA

ImageMagick has Integer Overflow in BMP Decoder (ReadBMP)↗2025-10-28

▶

OSV

ImageMagick has Integer Overflow in BMP Decoder (ReadBMP)↗2025-10-28

▶

OSV

CVE-2025-62171: ImageMagick is an open source software suite for displaying, converting, and editing raster image files↗2025-10-17

▶

📋Vendor Advisories

Ubuntu

ImageMagick vulnerability↗2025-11-20

▶

Red Hat

ImageMagick: ImageMagick vulnerable to denial of service via integer overflow in BMP decoder on 32-bit systems↗2025-10-17

▶

Debian

CVE-2025-62171: imagemagick - ImageMagick is an open source software suite for displaying, converting, and edi...↗2025

▶