ImageMagick < 6.9.13-26 / 7.1.0 < 7.1.2 Multiple Vulnerabilities

high Nessus Plugin ID 242329

Synopsis

The remote Windows host has an application installed that is affected by multiple vulnerabilities

Description

The remote Windows host has a version of ImageMagick installed that prior to 6.9.13-26 or 7.1 prior to 7.1.2. It is, therefore, affected by multiple vulnerabilites:

- filename template issues can cause a stack overflow through vsnprintf() (CVE-2025-53101)

- heap buffer overflow in the InterpretImageFilename function (CVE-2025-53014)

- Improper filename template can cause a memory leak (CVE-2025-53019)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade to ImageMagick version 6.9.13-26, 7.1.2-0 or later.

See Also

http://www.nessus.org/u?988ffb76

http://www.nessus.org/u?291cc012

http://www.nessus.org/u?7a3faa12

Plugin Details

Severity: High

ID: 242329

File Name: imagemagick_7_1_2.nasl

Version: 1.1

Type: local

Agent: windows

Family: Windows

Published: 7/18/2025

Updated: 7/18/2025

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.0

CVSS v2

Risk Factor: High

Base Score: 7.1

Vector: CVSS2#AV:N/AC:H/Au:N/C:N/I:C/A:C

CVSS Score Source: CVE-2025-53101

CVSS v3

Risk Factor: High

Base Score: 7.4

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H

Vulnerability Information

CPE: cpe:/a:imagemagick:imagemagick

Required KB Items: installed_sw/ImageMagick

Patch Publication Date: 7/15/2025

Vulnerability Publication Date: 7/15/2025

Reference Information

CVE: CVE-2025-53014, CVE-2025-53019, CVE-2025-53101

IAVB: 2025-B-0117