CVE-2025-57807

CVSS v3.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions ImageMagick versions prior to 14.8.2

Description ImageMagick is free and open-source software used for editing and manipulating digital images. The software includes insecure functions: SeekBlob(), which allows advancing the stream offset beyond the current end without increasing capacity, and WriteBlob(), which expands by quantum + length instead of offset + length, and copies to data + offset. When offset is significantly larger than the extent, the copy targets memory beyond the allocation, resulting in a heap write on 64-bit builds. This does not require 2⁶⁴ arithmetic wrap, external delegates, or policy settings.

Recommendations Update to version 14.8.2 or later.

Exploit

Fix

RCE

Memory Corruption

Stack Overflow

Heap Based Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-131CWE-787CWE-121CWE-122

Related Identifiers

ALT-PU-2025-11737

BDU:2025-12702

CVE-2025-57807

DLA-4297-1

DSA-5997-1

GHSA-23HG-53Q6-HQFG

OESA-2025-2244

OESA-2025-2245

OESA-2025-2246

OESA-2025-2247

OESA-2025-2248

OESA-2025-2249

OPENSUSE-SU-2025:15543-1

OPENSUSE-SU-2025:20162-1

SUSE-SU-2025:03509-1

SUSE-SU-2025:03510-1

SUSE-SU-2025:03616-1

SUSE-SU-2025:21211-1

SUSE-SU-2025_03509-1

SUSE-SU-2025_03510-1

SUSE-SU-2025_03616-1

USN-7756-1

Affected Products

Alt Linux

Debian

Imagemagick

Linuxmint

Red Os

Suse

Ubuntu

CVE-2025-57807

Weakness Enumeration

Related Identifiers

Affected Products

References · 87