CVE-2025-57803

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions ImageMagick versions prior to 6.9.13-28 and 7.1.2-2

Description ImageMagick is free and open-source software used for editing and manipulating digital images. A 32-bit integer overflow in the BMP encoder’s scanline-stride computation collapses bytes per line (stride) to a tiny value while the per-row writer still emits 3 × width bytes for 24-bpp images. The row base pointer advances using the (overflowed) stride, so the first row immediately writes past its slot and into adjacent heap memory with attacker-controlled bytes. This is a classic, powerful primitive for heap corruption in common auto-convert pipelines.

Recommendations Update to ImageMagick version 6.9.13-28 or 7.1.2-2.

Exploit

Fix

DoS

RCE

Integer Overflow

Heap Based Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-190CWE-122

Related Identifiers

ALT-PU-2025-10960

ALT-PU-2025-11045

BDU:2025-11265

CVE-2025-57803

DLA-4297-1

DLA-4339-1

DSA-5997-1

GHSA-MXVV-97WH-CFMM

OESA-2025-2193

OESA-2025-2194

OESA-2025-2196

OESA-2025-2197

OESA-2025-2247

OPENSUSE-SU-2025:15498-1

OPENSUSE-SU-2025:20162-1

RHSA-2025:16313

SUSE-SU-2025:03113-1

SUSE-SU-2025:03150-1

SUSE-SU-2025:03151-1

SUSE-SU-2025:03152-1

SUSE-SU-2025:03164-1

SUSE-SU-2025:21211-1

SUSE-SU-2025_03113-1

SUSE-SU-2025_03150-1

SUSE-SU-2025_03151-1

SUSE-SU-2025_03152-1

SUSE-SU-2025_03164-1

USN-7812-1

Affected Products

Alt Linux

Debian

Imagemagick

Linuxmint

Red Os

Suse

Ubuntu

CVE-2025-57803

Weakness Enumeration

Related Identifiers

Affected Products

References · 98