PT-2025-50551 · Unknown+2 · Imagemagick+2

Published: 2025-12-10 · Updated: 2026-04-13 · CVE-2025-66628

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions: ImageMagick versions 7.1.2-9 and prior
Description: ImageMagick is a software suite used for image creation, editing, composition, and conversion. A critical integer overflow exists in the TIM (PSX TIM) image parser's ReadTIMImage function (coders/tim.c) in affected versions. The issue occurs because the code calculates the image size as 2 * width * height without overflow checks, where width and height are read from the file header as 16-bit values. On 32-bit systems this calculation can overflow when width and height are large, leading to a small heap allocation and subsequent out-of-bounds read operations.
Recommendations: Update to version 7.1.2-10 or later.
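As an added illustration (not ImageMagick's code), the hypothetical helpers below reproduce the 2 * width * height size computation in a 32-bit unsigned type, so the wrap a 32-bit build would hit can be observed on any host, beside a checked version of the kind a parser should run before allocating the pixel buffer.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper, not ImageMagick's: the size computation as the
 * advisory describes it, but forced into a 32-bit unsigned type so the
 * result matches what a 32-bit size_t would hold. Wraps modulo 2^32. */
static uint32_t tim_size_unchecked32(uint16_t width, uint16_t height)
{
    return (uint32_t)2 * width * height;
}

/* Hardened form (hypothetical): reject the header before any allocation
 * when 2 * width * height cannot be represented in 'limit' (UINT32_MAX
 * for a 32-bit size_t). Writes *out and returns true only when safe. */
static bool tim_size_checked(uint16_t width, uint16_t height,
                             uint64_t limit, uint64_t *out)
{
    if (width == 0 || height == 0)
        return false;                         /* empty image is invalid */
    uint64_t pixels = (uint64_t)width * height;  /* < 2^32, no 64-bit overflow */
    if (pixels > limit / 2)
        return false;                         /* 2 * pixels would exceed limit */
    *out = 2 * pixels;
    return true;
}

/* Convenience wrapper: checked size, or 0 when the header is rejected
 * (0 is never a valid size here because both dimensions must be non-zero). */
static uint64_t tim_size_or_zero(uint16_t width, uint16_t height, uint64_t limit)
{
    uint64_t bytes = 0;
    return tim_size_checked(width, height, limit, &bytes) ? bytes : 0;
}

int main(void)
{
    /* Constructed header values: 65535 x 32769 needs 4295032830 bytes,
     * which wraps to a 65534-byte allocation in 32-bit arithmetic. */
    uint16_t w = 65535, h = 32769;
    printf("unchecked (32-bit): %u bytes\n", tim_size_unchecked32(w, h));
    printf("checked, 32-bit limit: %llu (0 = rejected)\n",
           (unsigned long long)tim_size_or_zero(w, h, UINT32_MAX));
    printf("checked, 64-bit limit: %llu\n",
           (unsigned long long)tim_size_or_zero(w, h, UINT64_MAX));
    return 0;
}
```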

Exploit

Fix

Weakness Enumeration

Out-of-bounds Read

Related Identifiers

BDU:2026-03455
CVE-2025-66628
DLA-4429-1
GHSA-6HJR-V6G4-3FM8
OPENSUSE-SU-2025:15829-1
OPENSUSE-SU-2026:20118-1
SUSE-SU-2025:4427-1
SUSE-SU-2025:4428-1
SUSE-SU-2025:4429-1
SUSE-SU-2026:0011-1
SUSE-SU-2026:0013-1
SUSE-SU-2026:20183-1

Affected Products

Debian
Imagemagick
Red Os