2388246 – (CVE-2025-55004) CVE-2025-55004 imagemagick: ImageMagick: heap-buffer overflow

Bug 2388246 (CVE-2025-55004) - CVE-2025-55004 imagemagick: ImageMagick: heap-buffer overflow

Summary: CVE-2025-55004 imagemagick: ImageMagick: heap-buffer overflow

Keywords:
Status:	NEW
Alias:	CVE-2025-55004
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2388312 2388317 2388321 2388328 2388334
Blocks:
TreeView+	depends on / blocked

Reported:	2025-08-13 15:02 UTC by OSIDB Bzimport
Modified:	2025-08-14 14:25 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2025-08-13 15:02:04 UTC

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-1, ImageMagick is vulnerable to heap-buffer overflow read around the handling of images with separate alpha channels when performing image magnification in ReadOneMNGIMage. This can likely be used to leak subsequent memory contents into the output image. This issue has been patched in version 7.1.2-1.

Note You need to log in before you can comment on or make changes to this bug.