PT-2025-34798 · ImageMagick

Amethyst0225 · Published 2025-08-26 · Updated 2025-12-15 · CVE-2025-55298

CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: ImageMagick versions prior to 6.9.13-28 (6.x branch); ImageMagick versions prior to 7.1.2-2 (7.x branch).
Description: ImageMagick is software for editing and manipulating digital images. A format string bug (CWE-134) exists in the InterpretImageFilename function: the user-supplied filename template is passed directly to FormatLocaleString as the format string without sanitization. Because the attacker controls the format string, conversion specifiers in the filename are interpreted rather than treated as literal text; write specifiers such as %n allow arbitrary memory to be overwritten, potentially leading to heap corruption and remote code execution, while mismatched read specifiers can crash the process (denial of service).
Recommendations: Update ImageMagick to version 6.9.13-28 or later on the 6.x branch, or to version 7.1.2-2 or later on the 7.x branch.
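To make the bug class concrete, here is an added example in C (not ImageMagick's code and not part of this advisory): a stand-in for the numbered-filename template expansion (for example `frame-%03d.png` becoming `frame-007.png`) that InterpretImageFilename performs. `vulnerable_interpret` hands the user's template straight to `snprintf` as the format string, which is the shape of the CWE-134 defect described above; `safe_interpret` parses the template itself and gives `snprintf` only a format it has built from validated pieces. The function names, the accepted template grammar (exactly one `%d`-style conversion, `%%` for a literal percent, everything else rejected) and the sample inputs are assumptions made for this illustration.

```c
/* Added example (not ImageMagick code): a stand-in for the "frame-%03d.png"
 * filename-template feature, showing the CWE-134 pattern the advisory
 * describes and a hardened replacement. Function names and the template
 * grammar are assumptions made for this illustration. */
#include <stdio.h>
#include <string.h>
#include <ctype.h>
#include <stddef.h>

/* VULNERABLE: the user-supplied template *is* the format string.
 * A template such as "out%n%n.png" makes snprintf write to memory and
 * "%s%s%s.png" dereferences whatever is on the stack. It is never called
 * with untrusted input below; it exists only to show the shape of the bug. */
int vulnerable_interpret(char *out, size_t extent, const char *tmpl, long value)
{
    return snprintf(out, extent, tmpl, value);
}

/* HARDENED: the template is parsed, not interpreted. Exactly one integer
 * conversion of the form %d, %3d or %03d is allowed (width at most three
 * digits); "%%" is a literal percent; any other specifier (%n, %s, %x, %p,
 * %hn, %-5d, ...) is rejected. The only format string ever passed to
 * snprintf is the one this function assembles from validated parts.
 * Returns 0 on success, -1 on rejection or when the output would not fit. */
int safe_interpret(char *out, size_t extent, const char *tmpl, long value)
{
    size_t n = 0;
    int conversions = 0;
    const char *p = tmpl;

    if (extent == 0) return -1;
    while (*p != '\0') {
        if (*p != '%') {                        /* ordinary character */
            if (n + 1 >= extent) return -1;
            out[n++] = *p++;
            continue;
        }
        p++;                                    /* skip '%' */
        if (*p == '%') {                        /* "%%" -> literal '%' */
            if (n + 1 >= extent) return -1;
            out[n++] = '%';
            p++;
            continue;
        }
        if (conversions++ > 0) return -1;       /* only one conversion allowed */

        char spec[8] = "%";                     /* rebuilt from validated parts */
        size_t s = 1;
        if (*p == '0') spec[s++] = *p++;        /* optional zero-pad flag */
        int digits = 0;
        while (isdigit((unsigned char)*p) && digits < 3) {  /* width, max 3 digits */
            spec[s++] = *p++;
            digits++;
        }
        if (*p != 'd') return -1;               /* %n, %s, %x, length modifiers, ... */
        p++;
        spec[s++] = 'l';                        /* value is a long */
        spec[s++] = 'd';
        spec[s] = '\0';

        int w = snprintf(out + n, extent - n, spec, value);
        if (w < 0 || (size_t)w >= extent - n) return -1;
        n += (size_t)w;
    }
    out[n] = '\0';
    return 0;
}

/* Helpers: 1 if safe_interpret accepts tmpl and yields expected, else 0. */
int template_expands_to(const char *tmpl, long value, const char *expected)
{
    char buf[64];
    return safe_interpret(buf, sizeof buf, tmpl, value) == 0 && strcmp(buf, expected) == 0;
}

/* 1 if safe_interpret rejects tmpl, else 0. */
int template_rejected(const char *tmpl)
{
    char buf[64];
    return safe_interpret(buf, sizeof buf, tmpl, 1) == -1;
}

int main(void)
{
    /* Constructed sample templates: two benign, two of the kind an attacker
     * would supply to the vulnerable path. */
    const char *inputs[] = { "frame-%03d.png", "100%%-%d.png", "out%n%n.png", "%s.png" };
    char buf[64];
    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        int rc = safe_interpret(buf, sizeof buf, inputs[i], 7);
        printf("%-16s -> %s\n", inputs[i], rc == 0 ? buf : "REJECTED");
    }
    return 0;
}
```

The design point is that a template with user-controlled content must be treated as data to parse, never as the format argument of a printf-family call; the hardened function also caps the width so an attacker cannot request a multi-gigabyte pad, and rejects length modifiers so the argument type always matches the format it builds.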

Tags: Exploit · Fix · RCE · DoS

Weakness Enumeration

CWE-134: Use of Externally-Controlled Format String

Related Identifiers

ALT-PU-2025-10960
ALT-PU-2025-11045
BDU:2025-12590
CVE-2025-55298
DLA-4297-1
DSA-5997-1
GHSA-9CCG-6PJW-X645
OESA-2025-2193
OESA-2025-2194
OESA-2025-2195
OESA-2025-2196
OESA-2025-2197
OPENSUSE-SU-2025:15498-1
OPENSUSE-SU-2025:20162-1
SUSE-SU-2025:03113-1
SUSE-SU-2025:03150-1
SUSE-SU-2025:03151-1
SUSE-SU-2025:03152-1
SUSE-SU-2025:03164-1
SUSE-SU-2025:21211-1
SUSE-SU-2025_03113-1
SUSE-SU-2025_03150-1
SUSE-SU-2025_03151-1
SUSE-SU-2025_03152-1
SUSE-SU-2025_03164-1
USN-7812-1

Affected Products

ALT Linux
Debian
ImageMagick
Linux Mint
RED OS
SUSE
Ubuntu