ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-28 and 7.1.2-2 for ImageMagick's 32-bit build, a 32-bit integer overflow in the BMP encoder’s scanline-stride computation collapses bytes_per_line (stride) to a tiny value while the per-row writer still emits 3 × width bytes for 24-bpp images. The row base pointer advances using the (overflowed) stride, so the first row immediately writes past its slot and into adjacent heap memory with attacker-controlled bytes. This is a classic, powerful primitive for heap corruption in common auto-convert pipelines. This issue has been patched in versions 6.9.13-28 and 7.1.2-2.

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4339 advisory.

    - -------------------------------------------------------------------------     Debian LTS Advisory DLA-4339-1                debian-lts@lists.debian.org     https://www.debian.org/lts/security/                   Bastien Roucaris     October 19, 2025                              https://wiki.debian.org/LTS
    - -------------------------------------------------------------------------

    Package        : imagemagick     Version        : 8:6.9.11.60+dfsg-1.3+deb11u7     CVE ID         : CVE-2025-62171     Debian Bug     : 1118340

    An Integer Overflow was found in BMP Decoder (ReadBMP).

    CVE-2025-57803 fix claims to patch this problem, but the fix     is incomplete and ineffective in some cases.

    The patch added BMPOverflowCheck() but placed it     after the overflow occurs.
    A malicious 58-byte BMP file can trigger AddressSanitizer     crashes and DoS.

    This new issue was affected CVE-2025-62171.

    For Debian 11 bullseye, these problems have been fixed in version     8:6.9.11.60+dfsg-1.3+deb11u7.

    We recommend that you upgrade your imagemagick packages.

    For the detailed security status of imagemagick please refer to     its security tracker page at:
    https://security-tracker.debian.org/tracker/imagemagick

    Further information about Debian LTS security advisories, how to apply     these updates to your system and frequently asked questions can be     found at: https://wiki.debian.org/LTS

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-16313 advisory.

    - Security update CVE-2025-57803 [Orabug: 38455460]

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7812-1 advisory.

    Woojin Park, Hojun Lee, Yougin Won and Siyeon Han discovered that ImageMagick did not properly sanitize     image file names. An attacker could possibly use this issue to cause a denial of service, obtain sensitive     information, or execute arbitrary code. (CVE-2025-55298)

    Lumina Mescuwa discovered that ImageMagick did not properly handle memory when encoding BMP images. An     attacker could possibly use this issue to cause ImageMagick to crash, resulting in a denial of service, or     possibly execute arbitrary code. (CVE-2025-57803)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:16313 advisory.

    ImageMagick is an image display and manipulation tool for the X Window System that can read and write     multiple image formats.

    Security Fix(es):

    * imagemagick: ImageMagick (WriteBMPImage): 32-bit integer overflow when writing BMP scanline stride ?     heap buffer overflow (CVE-2025-57803)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:03164-1 advisory.

    - CVE-2025-55004: Fixed heap buffer over-read in in ReadOneMNGIMage when processing images with separate     alpha channels       (bsc#1248076).
    - CVE-2025-55005: Fixed heap buffer overflow when transforming from Log to sRGB colorspaces (bsc#1248077).
    - CVE-2025-55154: Fixed integer overflow when performing magnified size calculations in ReadOneMNGIMage     (bsc#1248078).
    - CVE-2025-55160: Fixed undefined behavior due to function-type-mismatch in CloneSplayTree (bsc#1248079).
    - CVE-2025-55212: Fixed division-by-zero in ThumbnailImage() when passing a geometry string containing     only a colon to       `montage -geometry` (bsc#1248767).
    - CVE-2025-55298: Fixed heap overflow due to format string bug vulnerability (bsc#1248780).
    - CVE-2025-57803: Fixed heap out-of-bounds (OOB) write due to 32-bit integer overflow (bsc#1248784).

    Other fixes:

    - Fixed output file placeholders (bsc#1247475).

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 12 / 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5997 advisory.

    - -------------------------------------------------------------------------     Debian Security Advisory DSA-5997-1                   security@debian.org     https://www.debian.org/security/                        Bastien Roucaries     September 12, 2025                    https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package        : imagemagick     CVE ID         : CVE-2025-55004 CVE-2025-55005 CVE-2025-55154 CVE-2025-55212                      CVE-2025-55298 CVE-2025-57803 CVE-2025-57807     Debian Bug     : 1111101 1111102 1111103 1111586 1111587 1112469 1114520

    Multiple memory corruption vulnerbilities were discovered in imagemagick,     a software suit used for editing and manipulating digital images, which     could lead to information leak, denial of service, and potentially arbitrary     code execution.

    For the oldstable distribution (bookworm), these problems have been fixed     in version 6.9.11.60+dfsg-1.6+deb12u4.

    For the stable distribution (trixie), these problems have been fixed in     version 8:7.1.1.43+dfsg1-1+deb13u2.

    We recommend that you upgrade your imagemagick packages.

    For the detailed security status of imagemagick please refer to     its security tracker page at:
    https://security-tracker.debian.org/tracker/imagemagick

    Further information about Debian Security Advisories, how to apply     these updates to your system and frequently asked questions can be     found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:03151-1 advisory.

    - CVE-2025-55004: Fixed heap buffer over-read in in ReadOneMNGIMage when processing images with separate     alpha channels       (bsc#1248076).
    - CVE-2025-55005: Fixed heap buffer overflow when transforming from Log to sRGB colorspaces (bsc#1248077).
    - CVE-2025-55154: Fixed integer overflow when performing magnified size calculations in ReadOneMNGIMage     (bsc#1248078).
    - CVE-2025-55160: Fixed undefined behavior due to function-type-mismatch in CloneSplayTree (bsc#1248079).
    - CVE-2025-55212: Fixed division-by-zero in ThumbnailImage() when passing a geometry string containing     only a colon to       `montage -geometry` (bsc#1248767).
    - CVE-2025-55298: Fixed heap overflow due to format string bug vulnerability (bsc#1248780).
    - CVE-2025-57803: Fixed heap out-of-bounds (OOB) write due to 32-bit integer overflow (bsc#1248784).

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:03150-1 advisory.

    - CVE-2025-55005: Fixed heap buffer overflow when transforming from Log to sRGB colorspaces (bsc#1248077).
    - CVE-2025-55154: Fixed integer overflow when performing magnified size calculations in ReadOneMNGIMage     (bsc#1248078).
    - CVE-2025-55160: Fixed undefined behavior due to function-type-mismatch in CloneSplayTree (bsc#1248079).
    - CVE-2025-55212: Fixed division-by-zero in ThumbnailImage() when passing a geometry string containing     only a colon to       `montage -geometry` (bsc#1248767).
    - CVE-2025-55298: Fixed heap overflow due to format string bug vulnerability (bsc#1248780).
    - CVE-2025-57803: Fixed heap out-of-bounds (OOB) write due to 32-bit integer overflow (bsc#1248784).

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:03152-1 advisory.

    - CVE-2025-55004: Fixed heap buffer over-read in in ReadOneMNGIMage when processing images with separate     alpha channels       (bsc#1248076).
    - CVE-2025-55005: Fixed heap buffer overflow when transforming from Log to sRGB colorspaces (bsc#1248077).
    - CVE-2025-55154: Fixed integer overflow when performing magnified size calculations in ReadOneMNGIMage     (bsc#1248078).
    - CVE-2025-55160: Fixed undefined behavior due to function-type-mismatch in CloneSplayTree (bsc#1248079).
    - CVE-2025-55212: Fixed division-by-zero in ThumbnailImage() when passing a geometry string containing     only a colon to       `montage -geometry` (bsc#1248767).
    - CVE-2025-55298: Fixed heap overflow due to format string bug vulnerability (bsc#1248780).
    - CVE-2025-57803: Fixed heap out-of-bounds (OOB) write due to 32-bit integer overflow (bsc#1248784).

    Other fixes:

    - Fixed output file placeholders (bsc#1247475).

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4297 advisory.

    - -------------------------------------------------------------------------     Debian LTS Advisory DLA-4297-1                debian-lts@lists.debian.org     https://www.debian.org/lts/security/                   Bastien Roucaris     September 10, 2025                            https://wiki.debian.org/LTS
    - -------------------------------------------------------------------------

    Package        : imagemagick     Version        : 8:6.9.11.60+dfsg-1.3+deb11u6     CVE ID         : CVE-2025-53014 CVE-2025-53019 CVE-2025-53101 CVE-2025-55154                      CVE-2025-55212 CVE-2025-55298 CVE-2025-57803 CVE-2025-57807     Debian Bug     : 1109339 1111103 1111586 1111587 1112469 1114520

    Multiple vulnerabilities were fixed in imagemagick an image manipulation     software suite.

    CVE-2025-53014

        A heap buffer overflow was found in the `InterpretImageFilename`         function. The issue stems from an off-by-one error that causes         out-of-bounds memory access when processing format strings         containing consecutive percent signs (`%%`).

    CVE-2025-53019

        ImageMagick's `magick stream` command, specifying multiple         consecutive `%d` format specifiers in a filename template         caused a memory leak

    CVE-2025-53101

        ImageMagick's `magick mogrify` command, specifying         multiple consecutive `%d` format specifiers in a filename         template caused internal pointer arithmetic to generate         an address below the beginning of the stack buffer,         resulting in a stack overflow through `vsnprintf()`.

    CVE-2025-55154

        The magnified size calculations in ReadOneMNGIMage         (in coders/png.c) are unsafe and can overflow,         leading to memory corruption.

    CVE-2025-55212

        passing a geometry string containing only a colon (:)         to montage -geometry leads GetGeometry() to set width/height         to 0. Later, ThumbnailImage() divides by these zero dimensions,         triggering a crash (SIGFPE/abort)

    CVE-2025-55298

        A format string bug vulnerability exists in InterpretImageFilename         function where user input is directly passed to FormatLocaleString         without proper sanitization. An attacker can overwrite arbitrary         memory regions, enabling a wide range of attacks from heap         overflow to remote code execution.

    CVE-2025-57803

        A 32-bit integer overflow in the BMP encoder??s scanline-stride         computation collapses bytes_per_line (stride) to a tiny         value while the per-row writer still emits 3 ? width bytes         for 24-bpp images. The row base pointer advances using the         (overflowed) stride, so the first row immediately writes         past its slot and into adjacent heap memory with         attacker-controlled bytes.

    CVE-2025-57807

        A security problem was found in SeekBlob(), which permits         advancing the stream offset beyond the current end without         increasing capacity, and WriteBlob(), which then expands by         quantum + length (amortized) instead of offset + length,         and copies to data + offset. When offset ? extent, the         copy targets memory beyond the allocation, producing a         deterministic heap write on 64-bit builds. No 2??         arithmetic wrap, external delegates, or policy settings         are required.

    For Debian 11 bullseye, these problems have been fixed in version     8:6.9.11.60+dfsg-1.3+deb11u6.

    We recommend that you upgrade your imagemagick packages.

    For the detailed security status of imagemagick please refer to     its security tracker page at:
    https://security-tracker.debian.org/tracker/imagemagick

    Further information about Debian LTS security advisories, how to apply     these updates to your system and frequently asked questions can be     found at: https://wiki.debian.org/LTS

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:03113-1 advisory.

    - CVE-2025-55004: Fixed heap buffer over-read in in ReadOneMNGIMage when processing images with separate     alpha channels       (bsc#1248076).
    - CVE-2025-55005: Fixed heap buffer overflow when transforming from Log to sRGB colorspaces (bsc#1248077).
    - CVE-2025-55154: Fixed integer overflow when performing magnified size calculations in ReadOneMNGIMage     can lead to       out-of-bounds write (bsc#1248078).
    - CVE-2025-55160: Fixed undefined behavior due to function-type-mismatch in CloneSplayTree (bsc#1248079).
    - CVE-2025-55212: Fixed division-by-zero in ThumbnailImage() when passing a geometry string containing     only a colon to       `montage -geometry` (bsc#1248767).
    - CVE-2025-55298: Fixed heap overflow due to format string bug vulnerability (bsc#1248780).
    - CVE-2025-57803: Fixed heap out-of-bounds (OOB) write due to 32-bit integer overflow (bsc#1248784).

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

  - ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to     versions 6.9.13-28 and 7.1.2-2 for ImageMagick's 32-bit build, a 32-bit integer overflow in the BMP     encoder's scanline-stride computation collapses bytes_per_line (stride) to a tiny value while the per-row     writer still emits 3  width bytes for 24-bpp images. The row base pointer advances using the (overflowed)     stride, so the first row immediately writes past its slot and into adjacent heap memory with attacker-     controlled bytes. This is a classic, powerful primitive for heap corruption in common auto-convert     pipelines. This issue has been patched in versions 6.9.13-28 and 7.1.2-2. (CVE-2025-57803)

Note that Nessus relies on the presence of the package as reported by the vendor.

ID	Name	Product	Family	Severity
270770	Debian dla-4339 : imagemagick - security update	Nessus	Debian Local Security Checks	high
270476	Oracle Linux 7 : ImageMagick (ELSA-2025-16313)	Nessus	Oracle Linux Local Security Checks	high
269997	Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS : ImageMagick vulnerabilities (USN-7812-1)	Nessus	Ubuntu Local Security Checks	high
265731	RHEL 7 : ImageMagick (RHSA-2025:16313)	Nessus	Red Hat Local Security Checks	high
264612	SUSE SLED15 / SLES15 / openSUSE 15 Security Update : ImageMagick (SUSE-SU-2025:03164-1)	Nessus	SuSE Local Security Checks	high
264566	Debian dsa-5997 : imagemagick - security update	Nessus	Debian Local Security Checks	critical
264522	SUSE SLES15 Security Update : ImageMagick (SUSE-SU-2025:03151-1)	Nessus	SuSE Local Security Checks	high
264512	SUSE SLES12 Security Update : ImageMagick (SUSE-SU-2025:03150-1)	Nessus	SuSE Local Security Checks	high
264508	SUSE SLED15 / SLES15 Security Update : ImageMagick (SUSE-SU-2025:03152-1)	Nessus	SuSE Local Security Checks	high
264502	Debian dla-4297 : imagemagick - security update	Nessus	Debian Local Security Checks	critical
264432	SUSE SLED15 / SLES15 Security Update : ImageMagick (SUSE-SU-2025:03113-1)	Nessus	SuSE Local Security Checks	high
260519	Linux Distros Unpatched Vulnerability : CVE-2025-57803	Nessus	Misc.	high

Detections

Analytics

CVE-2025-57803

high

Tenable Plugins

high

high

high

high

high

critical

high

high

high

critical

high

high