PT-2025-29508 · Unknown+6 · Imagemagick+6

Iwashiira

Published

2025-07-14

Updated

2025-09-10

CVE-2025-53101

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions ImageMagick versions prior to 7.1.2-0 ImageMagick versions prior to 6.9.13-26

Description ImageMagick is free and open-source software used for editing and manipulating digital images. In versions prior to 7.1.2-0 and 6.9.13-26, specifying multiple consecutive %d format specifiers in a filename template within the magick mogrify command causes internal pointer arithmetic to generate an address below the beginning of the stack buffer, resulting in a stack overflow through the vsnprintf() function.

Recommendations ImageMagick versions prior to 7.1.2-0: Upgrade to version 7.1.2-0 or later. ImageMagick versions prior to 6.9.13-26: Upgrade to version 6.9.13-26 or later.

Exploit

Fix

RCE

DoS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-124

Related Identifiers

ALT-PU-2025-10960

ALT-PU-2025-11045

BDU:2025-10876

CVE-2025-53101

DLA-4297-1

ECHO-1205-84DC-6B88

GHSA-QH3H-J545-H8C9

OESA-2025-1906

OESA-2025-1907

OESA-2025-1908

OESA-2025-1909

OESA-2025-1910

OESA-2025-1911

OPENSUSE-SU-2025:15349-1

SUSE-SU-2025:02510-1

SUSE-SU-2025:02511-1

SUSE-SU-2025:02801-1

SUSE-SU-2025_02510-1

SUSE-SU-2025_02511-1

SUSE-SU-2025_02801-1

USN-7728-1

Affected Products

Alt Linux

Debian

Imagemagick

Linuxmint

Red Os

Suse

Ubuntu

PT-2025-29508 · Unknown+6 · Imagemagick+6

CVE-2025-53101

Weakness Enumeration

Related Identifiers

Affected Products

References · 75