Bug 2388246 (CVE-2025-55004)

Summary: CVE-2025-55004 imagemagick: ImageMagick: heap-buffer overflow
Product: [Other] Security Response Reporter: OSIDB Bzimport <bzimport>
Component: vulnerabilityAssignee: Product Security DevOps Team <prodsec-dev>
Status: NEW --- QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: unspecifiedKeywords: Security
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: ---
Doc Text:
A heap-based buffer overflow flaw was found in ImageMagick. This issue is present when handling images with separate alpha channels and performing image magnification in ReadOneMNGIMage. This vulnerability could be exploited to leak subsequent memory contents into the output image.
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2388312, 2388317, 2388321, 2388328, 2388334    
Bug Blocks:    

Description OSIDB Bzimport 2025-08-13 15:02:04 UTC 
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-1, ImageMagick is vulnerable to heap-buffer overflow read around the handling of images with separate alpha channels when performing image magnification in ReadOneMNGIMage. This can likely be used to leak subsequent memory contents into the output image. This issue has been patched in version 7.1.2-1.