ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to ImageMagick versions 6.9.13-28 and 7.1.2-2, a format string bug vulnerability exists in InterpretImageFilename function where user input is directly passed to FormatLocaleString without proper sanitization. An attacker can overwrite arbitrary memory regions, enabling a wide range of attacks from heap overflow to remote code execution. This issue has been patched in versions 6.9.13-28 and 7.1.2-2.

The version of ImageMagick installed on the remote host is prior to 6.9.10.97-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-3000 advisory.

    ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to     version 7.1.2-1, ImageMagick is vulnerable to heap-buffer overflow read around the handling of images with     separate alpha channels when performing image magnification in ReadOneMNGIMage. This can likely be used to     leak subsequent memory contents into the output image. This issue has been patched in version 7.1.2-1.
    (CVE-2025-55004)

    ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to     version 7.1.2-1, when preparing to transform from Log to sRGB colorspaces, the logmap construction fails     to handle cases where the reference-black or reference-white value is larger than 1024. This leads to     corrupting memory beyond the end of the allocated logmap buffer. This issue has been patched in version     7.1.2-1. (CVE-2025-55005)

    ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to     versions 6.9.13-27 and 7.1.2-1, there is undefined behavior (function-type-mismatch) in splay tree cloning     callback. This results in a deterministic abort under UBSan (DoS in sanitizer builds), with no crash in a     non-sanitized build. This issue has been patched in versions 6.9.13-27 and 7.1.2-1. (CVE-2025-55160)

    ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to     ImageMagick versions 6.9.13-28 and 7.1.2-2, a format string bug vulnerability exists in     InterpretImageFilename function where user input is directly passed to FormatLocaleString without proper     sanitization. An attacker can overwrite arbitrary memory regions, enabling a wide range of attacks from     heap overflow to remote code execution. This issue has been patched in versions 6.9.13-28 and 7.1.2-2.
    (CVE-2025-55298)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1182 advisory.

    ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to     version 7.1.2-1, ImageMagick is vulnerable to heap-buffer overflow read around the handling of images with     separate alpha channels when performing image magnification in ReadOneMNGIMage. This can likely be used to     leak subsequent memory contents into the output image. This issue has been patched in version 7.1.2-1.
    (CVE-2025-55004)

    ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to     version 7.1.2-1, when preparing to transform from Log to sRGB colorspaces, the logmap construction fails     to handle cases where the reference-black or reference-white value is larger than 1024. This leads to     corrupting memory beyond the end of the allocated logmap buffer. This issue has been patched in version     7.1.2-1. (CVE-2025-55005)

    ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to     versions 6.9.13-27 and 7.1.2-1, there is undefined behavior (function-type-mismatch) in splay tree cloning     callback. This results in a deterministic abort under UBSan (DoS in sanitizer builds), with no crash in a     non-sanitized build. This issue has been patched in versions 6.9.13-27 and 7.1.2-1. (CVE-2025-55160)

    ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to     ImageMagick versions 6.9.13-28 and 7.1.2-2, a format string bug vulnerability exists in     InterpretImageFilename function where user input is directly passed to FormatLocaleString without proper     sanitization. An attacker can overwrite arbitrary memory regions, enabling a wide range of attacks from     heap overflow to remote code execution. This issue has been patched in versions 6.9.13-28 and 7.1.2-2.
    (CVE-2025-55298)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:03164-1 advisory.

    - CVE-2025-55004: Fixed heap buffer over-read in in ReadOneMNGIMage when processing images with separate     alpha channels       (bsc#1248076).
    - CVE-2025-55005: Fixed heap buffer overflow when transforming from Log to sRGB colorspaces (bsc#1248077).
    - CVE-2025-55154: Fixed integer overflow when performing magnified size calculations in ReadOneMNGIMage     (bsc#1248078).
    - CVE-2025-55160: Fixed undefined behavior due to function-type-mismatch in CloneSplayTree (bsc#1248079).
    - CVE-2025-55212: Fixed division-by-zero in ThumbnailImage() when passing a geometry string containing     only a colon to       `montage -geometry` (bsc#1248767).
    - CVE-2025-55298: Fixed heap overflow due to format string bug vulnerability (bsc#1248780).
    - CVE-2025-57803: Fixed heap out-of-bounds (OOB) write due to 32-bit integer overflow (bsc#1248784).

    Other fixes:

    - Fixed output file placeholders (bsc#1247475).

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 12 / 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5997 advisory.

    - -------------------------------------------------------------------------     Debian Security Advisory DSA-5997-1                   security@debian.org     https://www.debian.org/security/                        Bastien Roucaries     September 12, 2025                    https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package        : imagemagick     CVE ID         : CVE-2025-55004 CVE-2025-55005 CVE-2025-55154 CVE-2025-55212                      CVE-2025-55298 CVE-2025-57803 CVE-2025-57807     Debian Bug     : 1111101 1111102 1111103 1111586 1111587 1112469 1114520

    Multiple memory corruption vulnerbilities were discovered in imagemagick,     a software suit used for editing and manipulating digital images, which     could lead to information leak, denial of service, and potentially arbitrary     code execution.

    For the oldstable distribution (bookworm), these problems have been fixed     in version 6.9.11.60+dfsg-1.6+deb12u4.

    For the stable distribution (trixie), these problems have been fixed in     version 8:7.1.1.43+dfsg1-1+deb13u2.

    We recommend that you upgrade your imagemagick packages.

    For the detailed security status of imagemagick please refer to     its security tracker page at:
    https://security-tracker.debian.org/tracker/imagemagick

    Further information about Debian Security Advisories, how to apply     these updates to your system and frequently asked questions can be     found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:03151-1 advisory.

    - CVE-2025-55004: Fixed heap buffer over-read in in ReadOneMNGIMage when processing images with separate     alpha channels       (bsc#1248076).
    - CVE-2025-55005: Fixed heap buffer overflow when transforming from Log to sRGB colorspaces (bsc#1248077).
    - CVE-2025-55154: Fixed integer overflow when performing magnified size calculations in ReadOneMNGIMage     (bsc#1248078).
    - CVE-2025-55160: Fixed undefined behavior due to function-type-mismatch in CloneSplayTree (bsc#1248079).
    - CVE-2025-55212: Fixed division-by-zero in ThumbnailImage() when passing a geometry string containing     only a colon to       `montage -geometry` (bsc#1248767).
    - CVE-2025-55298: Fixed heap overflow due to format string bug vulnerability (bsc#1248780).
    - CVE-2025-57803: Fixed heap out-of-bounds (OOB) write due to 32-bit integer overflow (bsc#1248784).

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:03150-1 advisory.

    - CVE-2025-55005: Fixed heap buffer overflow when transforming from Log to sRGB colorspaces (bsc#1248077).
    - CVE-2025-55154: Fixed integer overflow when performing magnified size calculations in ReadOneMNGIMage     (bsc#1248078).
    - CVE-2025-55160: Fixed undefined behavior due to function-type-mismatch in CloneSplayTree (bsc#1248079).
    - CVE-2025-55212: Fixed division-by-zero in ThumbnailImage() when passing a geometry string containing     only a colon to       `montage -geometry` (bsc#1248767).
    - CVE-2025-55298: Fixed heap overflow due to format string bug vulnerability (bsc#1248780).
    - CVE-2025-57803: Fixed heap out-of-bounds (OOB) write due to 32-bit integer overflow (bsc#1248784).

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:03152-1 advisory.

    - CVE-2025-55004: Fixed heap buffer over-read in in ReadOneMNGIMage when processing images with separate     alpha channels       (bsc#1248076).
    - CVE-2025-55005: Fixed heap buffer overflow when transforming from Log to sRGB colorspaces (bsc#1248077).
    - CVE-2025-55154: Fixed integer overflow when performing magnified size calculations in ReadOneMNGIMage     (bsc#1248078).
    - CVE-2025-55160: Fixed undefined behavior due to function-type-mismatch in CloneSplayTree (bsc#1248079).
    - CVE-2025-55212: Fixed division-by-zero in ThumbnailImage() when passing a geometry string containing     only a colon to       `montage -geometry` (bsc#1248767).
    - CVE-2025-55298: Fixed heap overflow due to format string bug vulnerability (bsc#1248780).
    - CVE-2025-57803: Fixed heap out-of-bounds (OOB) write due to 32-bit integer overflow (bsc#1248784).

    Other fixes:

    - Fixed output file placeholders (bsc#1247475).

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4297 advisory.

    - -------------------------------------------------------------------------     Debian LTS Advisory DLA-4297-1                debian-lts@lists.debian.org     https://www.debian.org/lts/security/                   Bastien Roucaris     September 10, 2025                            https://wiki.debian.org/LTS
    - -------------------------------------------------------------------------

    Package        : imagemagick     Version        : 8:6.9.11.60+dfsg-1.3+deb11u6     CVE ID         : CVE-2025-53014 CVE-2025-53019 CVE-2025-53101 CVE-2025-55154                      CVE-2025-55212 CVE-2025-55298 CVE-2025-57803 CVE-2025-57807     Debian Bug     : 1109339 1111103 1111586 1111587 1112469 1114520

    Multiple vulnerabilities were fixed in imagemagick an image manipulation     software suite.

    CVE-2025-53014

        A heap buffer overflow was found in the `InterpretImageFilename`         function. The issue stems from an off-by-one error that causes         out-of-bounds memory access when processing format strings         containing consecutive percent signs (`%%`).

    CVE-2025-53019

        ImageMagick's `magick stream` command, specifying multiple         consecutive `%d` format specifiers in a filename template         caused a memory leak

    CVE-2025-53101

        ImageMagick's `magick mogrify` command, specifying         multiple consecutive `%d` format specifiers in a filename         template caused internal pointer arithmetic to generate         an address below the beginning of the stack buffer,         resulting in a stack overflow through `vsnprintf()`.

    CVE-2025-55154

        The magnified size calculations in ReadOneMNGIMage         (in coders/png.c) are unsafe and can overflow,         leading to memory corruption.

    CVE-2025-55212

        passing a geometry string containing only a colon (:)         to montage -geometry leads GetGeometry() to set width/height         to 0. Later, ThumbnailImage() divides by these zero dimensions,         triggering a crash (SIGFPE/abort)

    CVE-2025-55298

        A format string bug vulnerability exists in InterpretImageFilename         function where user input is directly passed to FormatLocaleString         without proper sanitization. An attacker can overwrite arbitrary         memory regions, enabling a wide range of attacks from heap         overflow to remote code execution.

    CVE-2025-57803

        A 32-bit integer overflow in the BMP encoder??s scanline-stride         computation collapses bytes_per_line (stride) to a tiny         value while the per-row writer still emits 3 ? width bytes         for 24-bpp images. The row base pointer advances using the         (overflowed) stride, so the first row immediately writes         past its slot and into adjacent heap memory with         attacker-controlled bytes.

    CVE-2025-57807

        A security problem was found in SeekBlob(), which permits         advancing the stream offset beyond the current end without         increasing capacity, and WriteBlob(), which then expands by         quantum + length (amortized) instead of offset + length,         and copies to data + offset. When offset ? extent, the         copy targets memory beyond the allocation, producing a         deterministic heap write on 64-bit builds. No 2??         arithmetic wrap, external delegates, or policy settings         are required.

    For Debian 11 bullseye, these problems have been fixed in version     8:6.9.11.60+dfsg-1.3+deb11u6.

    We recommend that you upgrade your imagemagick packages.

    For the detailed security status of imagemagick please refer to     its security tracker page at:
    https://security-tracker.debian.org/tracker/imagemagick

    Further information about Debian LTS security advisories, how to apply     these updates to your system and frequently asked questions can be     found at: https://wiki.debian.org/LTS

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:03113-1 advisory.

    - CVE-2025-55004: Fixed heap buffer over-read in in ReadOneMNGIMage when processing images with separate     alpha channels       (bsc#1248076).
    - CVE-2025-55005: Fixed heap buffer overflow when transforming from Log to sRGB colorspaces (bsc#1248077).
    - CVE-2025-55154: Fixed integer overflow when performing magnified size calculations in ReadOneMNGIMage     can lead to       out-of-bounds write (bsc#1248078).
    - CVE-2025-55160: Fixed undefined behavior due to function-type-mismatch in CloneSplayTree (bsc#1248079).
    - CVE-2025-55212: Fixed division-by-zero in ThumbnailImage() when passing a geometry string containing     only a colon to       `montage -geometry` (bsc#1248767).
    - CVE-2025-55298: Fixed heap overflow due to format string bug vulnerability (bsc#1248780).
    - CVE-2025-57803: Fixed heap out-of-bounds (OOB) write due to 32-bit integer overflow (bsc#1248784).

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

  - ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to     ImageMagick versions 6.9.13-28 and 7.1.2-2, a format string bug vulnerability exists in     InterpretImageFilename function where user input is directly passed to FormatLocaleString without proper     sanitization. An attacker can overwrite arbitrary memory regions, enabling a wide range of attacks from     heap overflow to remote code execution. This issue has been patched in versions 6.9.13-28 and 7.1.2-2.
    (CVE-2025-55298)

Note that Nessus relies on the presence of the package as reported by the vendor.

ID	Name	Product	Family	Severity
265078	Amazon Linux 2 : ImageMagick, --advisory ALAS2-2025-3000 (ALAS-2025-3000)	Nessus	Amazon Linux Local Security Checks	high
264841	Amazon Linux 2023 : ImageMagick, ImageMagick-c++, ImageMagick-c++-devel (ALAS2023-2025-1182)	Nessus	Amazon Linux Local Security Checks	high
264612	SUSE SLED15 / SLES15 / openSUSE 15 Security Update : ImageMagick (SUSE-SU-2025:03164-1)	Nessus	SuSE Local Security Checks	high
264566	Debian dsa-5997 : imagemagick - security update	Nessus	Debian Local Security Checks	critical
264522	SUSE SLES15 Security Update : ImageMagick (SUSE-SU-2025:03151-1)	Nessus	SuSE Local Security Checks	high
264512	SUSE SLES12 Security Update : ImageMagick (SUSE-SU-2025:03150-1)	Nessus	SuSE Local Security Checks	high
264508	SUSE SLED15 / SLES15 Security Update : ImageMagick (SUSE-SU-2025:03152-1)	Nessus	SuSE Local Security Checks	high
264502	Debian dla-4297 : imagemagick - security update	Nessus	Debian Local Security Checks	critical
264432	SUSE SLED15 / SLES15 Security Update : ImageMagick (SUSE-SU-2025:03113-1)	Nessus	SuSE Local Security Checks	high
260522	Linux Distros Unpatched Vulnerability : CVE-2025-55298	Nessus	Misc.	high

Detections

Analytics

CVE-2025-55298

high

Tenable Plugins

high

high

high

critical

high

high

high

critical

high

high