CVE-2025-55004

Description

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-1, ImageMagick is vulnerable to heap-buffer overflow read around the handling of images with separate alpha channels when performing image magnification in ReadOneMNGIMage. This can likely be used to leak subsequent memory contents into the output image. This issue has been patched in version 7.1.2-1.

How to fix CVE-2025-55004

To remediate CVE-2025-55004, upgrade the affected package to a fixed version below.

• —upgrade to 8:7.1.1.43+dfsg1-1+deb13u2 or later
• —upgrade to 14.8.0 or later
• —upgrade to 14.8.0 or later
• —upgrade to 14.8.0 or later
• —upgrade to 14.8.0 or later
• —upgrade to 14.8.0 or later
• —upgrade to 14.8.0 or later
• —upgrade to 14.8.0 or later
• —upgrade to 14.8.0 or later
• —upgrade to 14.8.0 or later
• —upgrade to 14.8.0 or later
• —upgrade to 14.8.0 or later
• —upgrade to 14.8.0 or later
• —upgrade to 14.8.0 or later
• —upgrade to 14.8.0 or later
• —

Is CVE-2025-55004 being exploited?

Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.

Affected packages (19)

• from 0, < 8:7.1.1.43+dfsg1-1+deb13u2
• from 0, < 14.8.0
• from 0, < 14.8.0
• from 0, < 14.8.0
• from 0, < 14.8.0
• from 0, < 14.8.0
• from 0, < 14.8.0
• from 0, < 14.8.0
• from 0, < 14.8.0
• from 0, < 14.8.0

CVSS scores

References (6)

• ADVISORYnvd.nist.gov/vuln/detail/CVE-2025-55004
• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2025-55004
• PATCHgithub.com/ImageMagick/ImageMagick
• WEBgithub.com/dlemstra/Magick.NET/releases/tag/14.8.0