PT-2025-32998 · Unknown+6 · Imagemagick+6

Mescuwa · Published 2025-07-08 · Updated 2026-04-02 · CVE-2025-55160

CVSS v3.1: 6.1 (Medium)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L
Name of the Vulnerable Software and Affected Versions: ImageMagick versions prior to 6.9.13-27; ImageMagick versions prior to 7.1.2-1
Description: ImageMagick is a free and open-source software suite for editing and manipulating digital images. A function-type-mismatch exists in the splay tree cloning callback, leading to undefined behavior. This results in a deterministic abort when using UBSan (Undefined Behavior Sanitizer) builds, but does not cause a crash in non-sanitized builds.
Recommendations: Update ImageMagick to version 6.9.13-27 or later. Update ImageMagick to version 7.1.2-1 or later.

Exploit

Fix

DoS

Related Identifiers

ALT-PU-2025-10960
ALT-PU-2025-11045
BDU:2025-10859
CVE-2025-55160
ECHO-2141-B79B-694B
GHSA-6HGW-6X87-578X
OESA-2025-2193
OESA-2025-2194
OESA-2025-2196
OESA-2025-2197
OESA-2025-2247
OPENSUSE-SU-2025:15471-1
SUSE-SU-2025:03113-1
SUSE-SU-2025:03150-1
SUSE-SU-2025:03151-1
SUSE-SU-2025:03152-1
SUSE-SU-2025:03164-1
SUSE-SU-2025_03113-1
SUSE-SU-2025_03150-1
SUSE-SU-2025_03151-1
SUSE-SU-2025_03152-1
SUSE-SU-2025_03164-1
USN-7756-1

Affected Products

ALT Linux
Debian
ImageMagick
Linux Mint
RED OS
SUSE
Ubuntu