CVE-2025-62594
ImageMagick CLAHE: Unsigned underflow and division-by-zero lead to OOB pointer arithmetic and process crash (DoS)
CVSS 3.1 base score: 4.7 (MEDIUM)
EPSS: 0.02%
Description
ImageMagick is a software suite to create, edit, compose, or convert bitmap images. ImageMagick versions prior to 7.1.2-8 are vulnerable to denial-of-service due to unsigned integer underflow and division-by-zero in the CLAHEImage function. When tile width or height is zero, unsigned underflow occurs in pointer arithmetic, leading to out-of-bounds memory access, and division-by-zero causes immediate crashes. This issue has been patched in version 7.1.2-8.
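The failure mode the description names, as an added C example that is not ImageMagick's code: a hypothetical tile-geometry validator that rejects a zero tile width or height before any division or `tile_width - 1` arithmetic runs, plus a small helper showing why the unsigned subtraction wraps. The `clahe_geometry_t` struct, the function names and the sample geometries are constructed for illustration and do not correspond to identifiers in the patched function.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical CLAHE tile geometry; constructed for this example,
   not ImageMagick's own structure. Dimensions are unsigned, as in
   the affected code path described by the advisory. */
typedef struct {
    size_t width;        /* image width in pixels */
    size_t height;       /* image height in pixels */
    size_t tile_width;   /* CLAHE tile width in pixels */
    size_t tile_height;  /* CLAHE tile height in pixels */
} clahe_geometry_t;

/* Why a zero tile dimension is dangerous: size_t arithmetic wraps, so
   (tile_width - 1) for tile_width == 0 is SIZE_MAX. Any pointer offset
   built from that value lands far outside the image buffer. Returns
   true when the subtraction wrapped. */
bool tile_width_minus_one_wraps(size_t tile_width)
{
    size_t last_column = tile_width - 1;
    return last_column > tile_width;   /* only possible after wraparound */
}

/* Reject geometry that would divide by zero or underflow before any
   tile arithmetic runs. Returns true only for usable geometry. */
bool clahe_geometry_is_valid(const clahe_geometry_t *g)
{
    if (g == NULL)
        return false;
    if (g->tile_width == 0 || g->tile_height == 0)
        return false;   /* would divide by zero and wrap tile_width - 1 */
    if (g->width == 0 || g->height == 0)
        return false;   /* nothing to process */
    if (g->tile_width > g->width || g->tile_height > g->height)
        return false;   /* a tile larger than the image yields zero tiles */
    return true;
}

/* Tile counts across and down. Validates first, so both divisors are
   guaranteed non-zero. Returns false without touching the outputs when
   the geometry is rejected. */
bool clahe_tile_counts(const clahe_geometry_t *g, size_t *tiles_x, size_t *tiles_y)
{
    if (!clahe_geometry_is_valid(g))
        return false;
    *tiles_x = g->width / g->tile_width;
    *tiles_y = g->height / g->tile_height;
    return true;
}

int main(void)
{
    /* Constructed sample inputs: one sane geometry, one with a zero tile width. */
    clahe_geometry_t good = { 640, 480, 64, 32 };
    clahe_geometry_t zero_tile = { 640, 480, 0, 32 };
    size_t tx = 0, ty = 0;

    if (clahe_tile_counts(&good, &tx, &ty))
        printf("good geometry: %zu x %zu tiles\n", tx, ty);

    if (!clahe_tile_counts(&zero_tile, &tx, &ty))
        printf("zero tile width rejected (tile_width - 1 would wrap: %s)\n",
               tile_width_minus_one_wraps(zero_tile.tile_width) ? "yes" : "no");
    return 0;
}
```

The point of the validator is ordering: the check on the tile dimensions runs before the first division or subtraction that uses them, which is exactly the class of guard a fix for this kind of report adds. Compiling with `-fsanitize=undefined` does not flag unsigned wraparound, since it is defined behaviour in C, so the guard cannot be replaced by a sanitizer run.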
How to fix CVE-2025-62594
To remediate CVE-2025-62594, upgrade the affected package to a fixed version from the list below.
- upgrade to 8:7.1.1.43+dfsg1-1+deb13u4 or later
- no fix listed for the remaining 12 affected packages
Is CVE-2025-62594 being exploited?
Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.
Affected packages (13)
- from 0, < 8:7.1.1.43+dfsg1-1+deb13u4
- from 0, <= 14.9.0 (nine packages with the same range)
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM (4.7) | CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H |