ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-27 and 7.1.2-1, the magnified size calculations in ReadOneMNGIMage (in coders/png.c) are unsafe and can overflow, leading to memory corruption. This issue has been patched in versions 6.9.13-27 and 7.1.2-1.

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-15666 advisory.

    [6.9.10.68-7.0.1]
    - Fix for CVE-2025-55154 [Orabug: 38417011]

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7756-1 advisory.

    It was discovered that ImageMagick did not properly handle memory when performing magnified size     calculations. An attacker could possibly use this issue to cause ImageMagick to crash, resulting in a     denial of service, or possibly execute arbitrary code. (CVE-2025-55154)

    Woojin Park, Hojun Lee, Youngin Won, and Siyeon Han discovered that ImageMagick incorrectly handled     creating thumbnail images for certain dimensions. An attacker could possibly use this issue to cause     ImageMagick to crash, resulting in a denial of service. This issue only affected Ubuntu 24.04 LTS.
    (CVE-2025-55212)

    Lumina Mescuwa discovered that ImageMagick did not properly handle cloning splay trees in the MagickCore     library. An attacker could possibly use this issue to cause sanitized builds of ImageMagick to crash,     resulting in a denial of service. (CVE-2025-55160)

    Lumina Mescuwa discovered that ImageMagick did not properly handle memory. An attacker could possibly use     this issue to cause ImageMagick to crash, resulting in a denial of service, or possibly execute arbitrary     code. (CVE-2025-57807)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:03164-1 advisory.

    - CVE-2025-55004: Fixed heap buffer over-read in in ReadOneMNGIMage when processing images with separate     alpha channels       (bsc#1248076).
    - CVE-2025-55005: Fixed heap buffer overflow when transforming from Log to sRGB colorspaces (bsc#1248077).
    - CVE-2025-55154: Fixed integer overflow when performing magnified size calculations in ReadOneMNGIMage     (bsc#1248078).
    - CVE-2025-55160: Fixed undefined behavior due to function-type-mismatch in CloneSplayTree (bsc#1248079).
    - CVE-2025-55212: Fixed division-by-zero in ThumbnailImage() when passing a geometry string containing     only a colon to       `montage -geometry` (bsc#1248767).
    - CVE-2025-55298: Fixed heap overflow due to format string bug vulnerability (bsc#1248780).
    - CVE-2025-57803: Fixed heap out-of-bounds (OOB) write due to 32-bit integer overflow (bsc#1248784).

    Other fixes:

    - Fixed output file placeholders (bsc#1247475).

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 12 / 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5997 advisory.

    - -------------------------------------------------------------------------     Debian Security Advisory DSA-5997-1                   security@debian.org     https://www.debian.org/security/                        Bastien Roucaries     September 12, 2025                    https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package        : imagemagick     CVE ID         : CVE-2025-55004 CVE-2025-55005 CVE-2025-55154 CVE-2025-55212                      CVE-2025-55298 CVE-2025-57803 CVE-2025-57807     Debian Bug     : 1111101 1111102 1111103 1111586 1111587 1112469 1114520

    Multiple memory corruption vulnerbilities were discovered in imagemagick,     a software suit used for editing and manipulating digital images, which     could lead to information leak, denial of service, and potentially arbitrary     code execution.

    For the oldstable distribution (bookworm), these problems have been fixed     in version 6.9.11.60+dfsg-1.6+deb12u4.

    For the stable distribution (trixie), these problems have been fixed in     version 8:7.1.1.43+dfsg1-1+deb13u2.

    We recommend that you upgrade your imagemagick packages.

    For the detailed security status of imagemagick please refer to     its security tracker page at:
    https://security-tracker.debian.org/tracker/imagemagick

    Further information about Debian Security Advisories, how to apply     these updates to your system and frequently asked questions can be     found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:15666 advisory.

    ImageMagick is an image display and manipulation tool for the X Window System that can read and write     multiple image formats.

    Security Fix(es):

    * imagemagick: ImageMagick: integer overflows in MNG magnification (CVE-2025-55154)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:03151-1 advisory.

    - CVE-2025-55004: Fixed heap buffer over-read in in ReadOneMNGIMage when processing images with separate     alpha channels       (bsc#1248076).
    - CVE-2025-55005: Fixed heap buffer overflow when transforming from Log to sRGB colorspaces (bsc#1248077).
    - CVE-2025-55154: Fixed integer overflow when performing magnified size calculations in ReadOneMNGIMage     (bsc#1248078).
    - CVE-2025-55160: Fixed undefined behavior due to function-type-mismatch in CloneSplayTree (bsc#1248079).
    - CVE-2025-55212: Fixed division-by-zero in ThumbnailImage() when passing a geometry string containing     only a colon to       `montage -geometry` (bsc#1248767).
    - CVE-2025-55298: Fixed heap overflow due to format string bug vulnerability (bsc#1248780).
    - CVE-2025-57803: Fixed heap out-of-bounds (OOB) write due to 32-bit integer overflow (bsc#1248784).

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:03150-1 advisory.

    - CVE-2025-55005: Fixed heap buffer overflow when transforming from Log to sRGB colorspaces (bsc#1248077).
    - CVE-2025-55154: Fixed integer overflow when performing magnified size calculations in ReadOneMNGIMage     (bsc#1248078).
    - CVE-2025-55160: Fixed undefined behavior due to function-type-mismatch in CloneSplayTree (bsc#1248079).
    - CVE-2025-55212: Fixed division-by-zero in ThumbnailImage() when passing a geometry string containing     only a colon to       `montage -geometry` (bsc#1248767).
    - CVE-2025-55298: Fixed heap overflow due to format string bug vulnerability (bsc#1248780).
    - CVE-2025-57803: Fixed heap out-of-bounds (OOB) write due to 32-bit integer overflow (bsc#1248784).

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:03152-1 advisory.

    - CVE-2025-55004: Fixed heap buffer over-read in in ReadOneMNGIMage when processing images with separate     alpha channels       (bsc#1248076).
    - CVE-2025-55005: Fixed heap buffer overflow when transforming from Log to sRGB colorspaces (bsc#1248077).
    - CVE-2025-55154: Fixed integer overflow when performing magnified size calculations in ReadOneMNGIMage     (bsc#1248078).
    - CVE-2025-55160: Fixed undefined behavior due to function-type-mismatch in CloneSplayTree (bsc#1248079).
    - CVE-2025-55212: Fixed division-by-zero in ThumbnailImage() when passing a geometry string containing     only a colon to       `montage -geometry` (bsc#1248767).
    - CVE-2025-55298: Fixed heap overflow due to format string bug vulnerability (bsc#1248780).
    - CVE-2025-57803: Fixed heap out-of-bounds (OOB) write due to 32-bit integer overflow (bsc#1248784).

    Other fixes:

    - Fixed output file placeholders (bsc#1247475).

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4297 advisory.

    - -------------------------------------------------------------------------     Debian LTS Advisory DLA-4297-1                debian-lts@lists.debian.org     https://www.debian.org/lts/security/                   Bastien Roucaris     September 10, 2025                            https://wiki.debian.org/LTS
    - -------------------------------------------------------------------------

    Package        : imagemagick     Version        : 8:6.9.11.60+dfsg-1.3+deb11u6     CVE ID         : CVE-2025-53014 CVE-2025-53019 CVE-2025-53101 CVE-2025-55154                      CVE-2025-55212 CVE-2025-55298 CVE-2025-57803 CVE-2025-57807     Debian Bug     : 1109339 1111103 1111586 1111587 1112469 1114520

    Multiple vulnerabilities were fixed in imagemagick an image manipulation     software suite.

    CVE-2025-53014

        A heap buffer overflow was found in the `InterpretImageFilename`         function. The issue stems from an off-by-one error that causes         out-of-bounds memory access when processing format strings         containing consecutive percent signs (`%%`).

    CVE-2025-53019

        ImageMagick's `magick stream` command, specifying multiple         consecutive `%d` format specifiers in a filename template         caused a memory leak

    CVE-2025-53101

        ImageMagick's `magick mogrify` command, specifying         multiple consecutive `%d` format specifiers in a filename         template caused internal pointer arithmetic to generate         an address below the beginning of the stack buffer,         resulting in a stack overflow through `vsnprintf()`.

    CVE-2025-55154

        The magnified size calculations in ReadOneMNGIMage         (in coders/png.c) are unsafe and can overflow,         leading to memory corruption.

    CVE-2025-55212

        passing a geometry string containing only a colon (:)         to montage -geometry leads GetGeometry() to set width/height         to 0. Later, ThumbnailImage() divides by these zero dimensions,         triggering a crash (SIGFPE/abort)

    CVE-2025-55298

        A format string bug vulnerability exists in InterpretImageFilename         function where user input is directly passed to FormatLocaleString         without proper sanitization. An attacker can overwrite arbitrary         memory regions, enabling a wide range of attacks from heap         overflow to remote code execution.

    CVE-2025-57803

        A 32-bit integer overflow in the BMP encoder??s scanline-stride         computation collapses bytes_per_line (stride) to a tiny         value while the per-row writer still emits 3 ? width bytes         for 24-bpp images. The row base pointer advances using the         (overflowed) stride, so the first row immediately writes         past its slot and into adjacent heap memory with         attacker-controlled bytes.

    CVE-2025-57807

        A security problem was found in SeekBlob(), which permits         advancing the stream offset beyond the current end without         increasing capacity, and WriteBlob(), which then expands by         quantum + length (amortized) instead of offset + length,         and copies to data + offset. When offset ? extent, the         copy targets memory beyond the allocation, producing a         deterministic heap write on 64-bit builds. No 2??         arithmetic wrap, external delegates, or policy settings         are required.

    For Debian 11 bullseye, these problems have been fixed in version     8:6.9.11.60+dfsg-1.3+deb11u6.

    We recommend that you upgrade your imagemagick packages.

    For the detailed security status of imagemagick please refer to     its security tracker page at:
    https://security-tracker.debian.org/tracker/imagemagick

    Further information about Debian LTS security advisories, how to apply     these updates to your system and frequently asked questions can be     found at: https://wiki.debian.org/LTS

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:03113-1 advisory.

    - CVE-2025-55004: Fixed heap buffer over-read in in ReadOneMNGIMage when processing images with separate     alpha channels       (bsc#1248076).
    - CVE-2025-55005: Fixed heap buffer overflow when transforming from Log to sRGB colorspaces (bsc#1248077).
    - CVE-2025-55154: Fixed integer overflow when performing magnified size calculations in ReadOneMNGIMage     can lead to       out-of-bounds write (bsc#1248078).
    - CVE-2025-55160: Fixed undefined behavior due to function-type-mismatch in CloneSplayTree (bsc#1248079).
    - CVE-2025-55212: Fixed division-by-zero in ThumbnailImage() when passing a geometry string containing     only a colon to       `montage -geometry` (bsc#1248767).
    - CVE-2025-55298: Fixed heap overflow due to format string bug vulnerability (bsc#1248780).
    - CVE-2025-57803: Fixed heap out-of-bounds (OOB) write due to 32-bit integer overflow (bsc#1248784).

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1159 advisory.

    ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to     versions 6.9.13-27 and 7.1.2-1, the magnified size calculations in ReadOneMNGIMage (in coders/png.c) are     unsafe and can overflow, leading to memory corruption. This issue has been patched in versions 6.9.13-27     and 7.1.2-1. (CVE-2025-55154)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of ImageMagick installed on the remote host is prior to 6.9.10.97-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2980 advisory.

    ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to     versions 6.9.13-27 and 7.1.2-1, the magnified size calculations in ReadOneMNGIMage (in coders/png.c) are     unsafe and can overflow, leading to memory corruption. This issue has been patched in versions 6.9.13-27     and 7.1.2-1. (CVE-2025-55154)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

  - ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to     versions 6.9.13-27 and 7.1.2-1, the magnified size calculations in ReadOneMNGIMage (in coders/png.c) are     unsafe and can overflow, leading to memory corruption. This issue has been patched in versions 6.9.13-27     and 7.1.2-1. (CVE-2025-55154)

Note that Nessus relies on the presence of the package as reported by the vendor.

The remote host has a version of ImageMagick installed that is prior to 6.9.13-27, 7.0 prior to 7.1.2-1. It is, therefore, affected by multiple vulnerabilities as referenced in GHSA-qp29-wxp5-wh82 / GHSA-6hgw-6x87-578x advisory.

  - ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to     versions 6.9.13-27 and 7.1.2-1, the magnified size calculations in ReadOneMNGIMage (in coders/png.c) are     unsafe and can overflow, leading to memory corruption. This issue has been patched in versions 6.9.13-27     and 7.1.2-1. (CVE-2025-55154)

  - ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to     versions 6.9.13-27 and 7.1.2-1, there is undefined behavior (function-type-mismatch) in splay tree cloning     callback. This results in a deterministic abort under UBSan (DoS in sanitizer builds), with no crash in a     non-sanitized build. This issue has been patched in versions 6.9.13-27 and 7.1.2-1. (CVE-2025-55160)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
265754	Oracle Linux 7 : ImageMagick (ELSA-2025-15666)	Nessus	Oracle Linux Local Security Checks	high
265697	Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS : ImageMagick vulnerabilities (USN-7756-1)	Nessus	Ubuntu Local Security Checks	critical
264612	SUSE SLED15 / SLES15 / openSUSE 15 Security Update : ImageMagick (SUSE-SU-2025:03164-1)	Nessus	SuSE Local Security Checks	high
264566	Debian dsa-5997 : imagemagick - security update	Nessus	Debian Local Security Checks	critical
264558	RHEL 7 : ImageMagick (RHSA-2025:15666)	Nessus	Red Hat Local Security Checks	high
264522	SUSE SLES15 Security Update : ImageMagick (SUSE-SU-2025:03151-1)	Nessus	SuSE Local Security Checks	high
264512	SUSE SLES12 Security Update : ImageMagick (SUSE-SU-2025:03150-1)	Nessus	SuSE Local Security Checks	high
264508	SUSE SLED15 / SLES15 Security Update : ImageMagick (SUSE-SU-2025:03152-1)	Nessus	SuSE Local Security Checks	high
264502	Debian dla-4297 : imagemagick - security update	Nessus	Debian Local Security Checks	critical
264432	SUSE SLED15 / SLES15 Security Update : ImageMagick (SUSE-SU-2025:03113-1)	Nessus	SuSE Local Security Checks	high
261747	Amazon Linux 2023 : ImageMagick, ImageMagick-c++, ImageMagick-c++-devel (ALAS2023-2025-1159)	Nessus	Amazon Linux Local Security Checks	high
261335	Amazon Linux 2 : ImageMagick, --advisory ALAS2-2025-2980 (ALAS-2025-2980)	Nessus	Amazon Linux Local Security Checks	high
260015	Linux Distros Unpatched Vulnerability : CVE-2025-55154	Nessus	Misc.	high
258077	ImageMagick < 6.9.13-27 / 7.0 < 7.1.2-1 Multiple Vulnerabilities (GHSA-qp29-wxp5-wh82 / GHSA-6hgw-6x87-578x)	Nessus	Misc.	high

Detections

Analytics

CVE-2025-55154

high

Tenable Plugins

high

critical

high

critical

high

high

high

high

critical

high

high

high

high

high