CVE-2025-53014

CVSS v3.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: ImageMagick versions prior to 7.1.2-0 ImageMagick versions prior to 6.9.13-26

Description: ImageMagick is free and open-source software used for editing and manipulating digital images. A heap buffer overflow exists in the InterpretImageFilename function due to an off-by-one error that causes out-of-bounds memory access when processing format strings containing consecutive percent signs (%%).

Recommendations: Update ImageMagick to version 7.1.2-0 or later. Update ImageMagick to version 6.9.13-26 or later.

Exploit

Fix

Heap Based Buffer Overflow

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-122CWE-125CWE-193

Related Identifiers

ALT-PU-2025-10960

ALT-PU-2025-11045

BDU:2025-10910

CVE-2025-53014

DLA-4297-1

ECHO-0115-D43C-48CC

GHSA-HM4X-R5HC-794F

OESA-2025-1906

OESA-2025-1907

OESA-2025-1908

OESA-2025-1909

OESA-2025-1910

OESA-2025-1911

OPENSUSE-SU-2025:15349-1

SUSE-SU-2025:02510-1

SUSE-SU-2025:02511-1

SUSE-SU-2025:02751-1

SUSE-SU-2025:02801-1

SUSE-SU-2025_02510-1

SUSE-SU-2025_02511-1

SUSE-SU-2025_02751-1

SUSE-SU-2025_02801-1

USN-7728-1

Affected Products

Alt Linux

Astra Linux

Debian

Imagemagick

Linuxmint

Red Os

Suse

Ubuntu

CVE-2025-53014

Weakness Enumeration

Related Identifiers

Affected Products

References · 75