2393590 – (CVE-2025-57807) CVE-2025-57807 imagemagick: ImageMagick BlobStream Forward-Seek Under-Allocation

Bug 2393590 (CVE-2025-57807) - CVE-2025-57807 imagemagick: ImageMagick BlobStream Forward-Seek Under-Allocation

Summary: CVE-2025-57807 imagemagick: ImageMagick BlobStream Forward-Seek Under-Allocation

Keywords:
Status:	NEW
Alias:	CVE-2025-57807
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2393598 2393599 2393600 2393601 2393603
Blocks:
TreeView+	depends on / blocked

Reported:	2025-09-05 22:01 UTC by OSIDB Bzimport
Modified:	2025-09-09 11:26 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2025-09-05 22:01:24 UTC

ImageMagick is free and open-source software used for editing and manipulating digital images. ImageMagick versions lower than 14.8.2 include  insecure functions: SeekBlob(), which permits advancing the stream offset beyond the current end without increasing capacity, and WriteBlob(), which then expands by quantum + length (amortized) instead of offset + length, and copies to data + offset. When offset ≫ extent, the copy targets memory beyond the allocation, producing a deterministic heap write on 64-bit builds. No 2⁶⁴ arithmetic wrap, external delegates, or policy settings are required. This is fixed in version 14.8.2.

Note You need to log in before you can comment on or make changes to this bug.