PT-2025-44038 · Unknown+3 · Imagemagick+3

Published: 2025-10-27
Updated: 2026-01-29
CVE-2025-62594
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: ImageMagick versions prior to 7.1.2-8
Description: ImageMagick contains flaws in the CLAHEImage function related to unsigned integer underflow and division by zero. When the tile width or height is zero, an unsigned underflow occurs during pointer arithmetic, potentially leading to out-of-bounds memory access; in addition, division by zero causes an immediate crash. These issues can be triggered by specifying exact tiles with a value of zero (e.g., using the CLI option clahe 0x0!) or through automatic tile derivation on very small images. The primary impact is denial of service, resulting in crashes or resource exhaustion. While memory corruption is possible, reliable code execution has not been demonstrated. The vulnerable code is located in MagickCore/enhance.c around lines 609 and 669. The issue can be triggered via the command line interface or the API.
Recommendations: Update ImageMagick to version 7.1.2-8 or later.
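The following C example is added here to illustrate the two arithmetic failure modes named in the description (a zero tile dimension wrapping an unsigned subtraction, and a zero divisor in the tile-count computation) beside the input validation that removes both. It is illustrative code modelled on the description, not ImageMagick's MagickCore/enhance.c; every function name is hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Illustrative tile-geometry handling for a CLAHE-style filter. This is an
 * added example modelled on the advisory text, not ImageMagick's
 * MagickCore/enhance.c; all function names are hypothetical. */

/* Naive derivation of the tile size from the image size: integer division
 * yields a zero tile dimension for images smaller than tiles_per_axis
 * (the "very small images" case in the description). */
size_t derive_tile_width(size_t image_width, size_t tiles_per_axis) {
    return image_width / tiles_per_axis;  /* 4 / 8 == 0 */
}

/* Unchecked computation of the last in-tile column index. With a zero tile
 * width the subtraction wraps to SIZE_MAX instead of failing; a pointer
 * advanced by that value lands far outside the pixel buffer. */
size_t unchecked_last_column(size_t tile_width) {
    return tile_width - 1;
}

/* Returns 1 when the tile geometry is safe to use, 0 otherwise. Rejecting
 * zero (and oversized) tiles up front removes both the wrap-around above
 * and the division by zero in the tile-count computation below. */
int clahe_tile_geometry_is_valid(size_t image_width, size_t image_height,
                                 size_t tile_width, size_t tile_height) {
    if (tile_width == 0 || tile_height == 0)
        return 0;
    if (tile_width > image_width || tile_height > image_height)
        return 0;
    return 1;
}

/* Number of whole tiles covering the image; 0 signals rejected geometry,
 * so the division is never reached with a zero divisor. */
size_t clahe_tile_count(size_t image_width, size_t image_height,
                        size_t tile_width, size_t tile_height) {
    if (!clahe_tile_geometry_is_valid(image_width, image_height,
                                      tile_width, tile_height))
        return 0;
    return (image_width / tile_width) * (image_height / tile_height);
}

int main(void) {
    size_t w = derive_tile_width(4, 8);
    printf("derived tile width for a 4px image with 8 tiles: %zu\n", w);
    printf("unchecked last column with zero width: %zu (wrapped)\n",
           unchecked_last_column(0));
    printf("0x0 tile geometry accepted: %d\n",
           clahe_tile_geometry_is_valid(256, 256, 0, 0));
    printf("tile count for 256x256 with 32x32 tiles: %zu\n",
           clahe_tile_count(256, 256, 32, 32));
    return 0;
}
```

The validator runs before any tile arithmetic, which is the shape of fix the advisory's "update to 7.1.2-8" implies: an explicit geometry check instead of relying on unsigned arithmetic to fail safely.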

Exploit

Fix

DoS

Buffer Overflow

Integer Underflow

Divide By Zero

Weakness Enumeration

Related Identifiers

BDU:2026-03385
CVE-2025-62594
GHSA-WPP4-VQFQ-V4HP
OESA-2025-2587
OESA-2025-2588
OESA-2025-2589
OESA-2025-2590
OESA-2025-2631
OPENSUSE-SU-2025:15685-1
OPENSUSE-SU-2025:20162-1
SUSE-SU-2025:21211-1
SUSE-SU-2025:3956-1
SUSE-SU-2025:3978-1
SUSE-SU-2025:3985-1
SUSE-SU-2025_3956-1
SUSE-SU-2025_3978-1
SUSE-SU-2025_3985-1

Affected Products

Debian
Imagemagick
Red Os
Suse