Mescuwa

#11069of 53,630
24.9Total CVSS
Vulnerabilities · 3
Medium
1
High
1
Critical
1
PT-2025-36333
10
2025-09-05
Unknown · Imagemagick · CVE-2025-57807
**Name of the Vulnerable Software and Affected Versions** ImageMagick versions prior to 14.8.2 **Description** ImageMagick is free and open-source software used for editing and manipulating digital images. The software includes insecure functions: `SeekBlob()`, which allows advancing the stream offset beyond the current end without increasing capacity, and `WriteBlob()`, which expands by quantum + length instead of offset + length, and copies to data + offset. When offset is significantly larger than the extent, the copy targets memory beyond the allocation, resulting in a heap write on 64-bit builds. This does not require 2⁶⁴ arithmetic wrap, external delegates, or policy settings. **Recommendations** Update to version 14.8.2 or later.
PT-2025-34799
8.8
2025-08-23
Unknown · Imagemagick · CVE-2025-57803
**Name of the Vulnerable Software and Affected Versions** ImageMagick versions prior to 6.9.13-28 and 7.1.2-2 **Description** ImageMagick is free and open-source software used for editing and manipulating digital images. A 32-bit integer overflow in the BMP encoder’s scanline-stride computation collapses `bytes per line` (stride) to a tiny value while the per-row writer still emits 3 × width bytes for 24-bpp images. The row base pointer advances using the (overflowed) stride, so the first row immediately writes past its slot and into adjacent heap memory with attacker-controlled bytes. This is a classic, powerful primitive for heap corruption in common auto-convert pipelines. **Recommendations** Update to ImageMagick version 6.9.13-28 or 7.1.2-2.
PT-2025-32998
6.1
2025-07-08
Unknown · Imagemagick · CVE-2025-55160
Name of the Vulnerable Software and Affected Versions: ImageMagick versions prior to 6.9.13-27 ImageMagick versions prior to 7.1.2-1 Description: ImageMagick is a free and open-source software suite for editing and manipulating digital images. A function-type-mismatch exists in the splay tree cloning callback, leading to undefined behavior. This results in a deterministic abort when using UBSan (Undefined Behavior Sanitizer) builds, but does not cause a crash in non-sanitized builds. Recommendations: Update ImageMagick to version 6.9.13-27 or later. Update ImageMagick to version 7.1.2-1 or later.