CVE-2025-55212

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-55212
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-28 and 7.1.2-2, passing a geometry string containing only a colon (":") to montage -geometry leads GetGeometry() to set width/height to 0. Later, ThumbnailImage() divides by these zero dimensions, triggering a crash (SIGFPE/abort), resulting in a denial of service. This issue has been patched in versions 6.9.13-28 and 7.1.2-2.

3.7 /10

CVSS v3 : LOW

V3 Legend

Vector :

Exploitability : 2.2 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

References
Link Resource
https://github.com/ImageMagick/ImageMagick/blob/0ba1b587be17543b664f7ad538e9e51e0da59d17/MagickCore/geometry.c#L355 Product
https://github.com/ImageMagick/ImageMagick/blob/0ba1b587be17543b664f7ad538e9e51e0da59d17/MagickCore/resize.c#L4625-L4629 Product
https://github.com/ImageMagick/ImageMagick/commit/5f0bcf986b8b5e90567750d31a37af502b73f2af Patch
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-fh55-q5pj-pxgw Exploit Vendor Advisory
https://github.com/dlemstra/Magick.NET/releases/tag/14.8.1 Release Notes
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-fh55-q5pj-pxgw Exploit Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*
cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*
History

02 Sep 2025, 18:10

Type Values Removed Values Added
References () https://github.com/ImageMagick/ImageMagick/blob/0ba1b587be17543b664f7ad538e9e51e0da59d17/MagickCore/geometry.c#L355 - () https://github.com/ImageMagick/ImageMagick/blob/0ba1b587be17543b664f7ad538e9e51e0da59d17/MagickCore/geometry.c#L355 - Product
References () https://github.com/ImageMagick/ImageMagick/blob/0ba1b587be17543b664f7ad538e9e51e0da59d17/MagickCore/resize.c#L4625-L4629 - () https://github.com/ImageMagick/ImageMagick/blob/0ba1b587be17543b664f7ad538e9e51e0da59d17/MagickCore/resize.c#L4625-L4629 - Product
References () https://github.com/ImageMagick/ImageMagick/commit/5f0bcf986b8b5e90567750d31a37af502b73f2af - () https://github.com/ImageMagick/ImageMagick/commit/5f0bcf986b8b5e90567750d31a37af502b73f2af - Patch
References () https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-fh55-q5pj-pxgw - () https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-fh55-q5pj-pxgw - Exploit, Vendor Advisory
References () https://github.com/dlemstra/Magick.NET/releases/tag/14.8.1 - () https://github.com/dlemstra/Magick.NET/releases/tag/14.8.1 - Release Notes
First Time Imagemagick
Imagemagick imagemagick
CPE cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*

29 Aug 2025, 16:22

Type Values Removed Values Added
Summary
  • (es) ImageMagick es un software gratuito y de código abierto que se utiliza para editar y manipular imágenes digitales. Antes de las versiones 6.9.13-28 y 7.1.2-2, al pasar una cadena de geometría que solo contenía dos puntos (":") a montage -geometry, GetGeometry() establecía el ancho/alto en 0. Posteriormente, ThumbnailImage() dividía por estas dimensiones cero, lo que provocaba un fallo (SIGFPE/abort) y una denegación de servicio. Este problema se ha corregido en las versiones 6.9.13-28 y 7.1.2-2.

26 Aug 2025, 20:15

Type Values Removed Values Added
References () https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-fh55-q5pj-pxgw - () https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-fh55-q5pj-pxgw -

26 Aug 2025, 17:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-08-26 17:15

Updated : 2025-09-02 18:10

NVD link : CVE-2025-55212

Mitre link : CVE-2025-55212

CVE.ORG link : CVE-2025-55212

JSON object : View

Products Affected

imagemagick

  • imagemagick
CWE
CWE-369

Divide By Zero