Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:apk/alpine/imagemagick@7.1.2.8-r0?arch=loongarch64&distroversion=v3.23&reponame=community

Type apk

Namespace alpine

Name imagemagick

Version 7.1.2.8-r0

Qualifiers

arch	loongarch64
distroversion	v3.23
reponame	community

Subpath

Is_vulnerable false

Next_non_vulnerable_version 7.1.2.12-r0

Latest_non_vulnerable_version 7.1.2.23-r0

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-1btu-wnd9-bfbf

vulnerability_id VCID-1btu-wnd9-bfbf

summary

ImageMagick has a Heap Buffer Overflow in InterpretImageFilename
A heap buffer overflow was identified in the `InterpretImageFilename` function of ImageMagick. The issue stems from an off-by-one error that causes out-of-bounds memory access when processing format strings containing consecutive percent signs (`%%`).

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-53014.json

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-53014.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-53014

reference_id

reference_type

scores

value	0.00173
scoring_system	epss
scoring_elements	0.38556
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-53014

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-53014
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-53014

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/dlemstra/Magick.NET/releases/tag/14.7.0

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/dlemstra/Magick.NET/releases/tag/14.7.0

reference_url

https://github.com/ImageMagick/ImageMagick

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/ImageMagick/ImageMagick

reference_url

https://github.com/ImageMagick/ImageMagick6/commit/79b6ed03770781d996d1710b89fbb887e5ea758a

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/ImageMagick/ImageMagick6/commit/79b6ed03770781d996d1710b89fbb887e5ea758a

reference_url

https://github.com/ImageMagick/ImageMagick/commit/29d82726c7ec20c07c49ba263bdcea16c2618e03

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/ImageMagick/ImageMagick/commit/29d82726c7ec20c07c49ba263bdcea16c2618e03

reference_url

https://lists.debian.org/debian-lts-announce/2025/09/msg00012.html

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2025/09/msg00012.html

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109339
reference_id	1109339
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109339

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2379941
reference_id	2379941
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2379941

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-53014

reference_id

CVE-2025-53014

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-53014

reference_url	https://github.com/advisories/GHSA-hm4x-r5hc-794f
reference_id	GHSA-hm4x-r5hc-794f
reference_type
scores
url	https://github.com/advisories/GHSA-hm4x-r5hc-794f

reference_url

https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-hm4x-r5hc-794f

reference_id

GHSA-hm4x-r5hc-794f

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-14T18:26:03Z/

url

https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-hm4x-r5hc-794f

reference_url	https://usn.ubuntu.com/7728-1/
reference_id	USN-7728-1
reference_type
scores
url	https://usn.ubuntu.com/7728-1/

fixed_packages

url	pkg:apk/alpine/imagemagick@7.1.2.8-r0?arch=loongarch64&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/imagemagick@7.1.2.8-r0?arch=loongarch64&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/imagemagick@7.1.2.8-r0%3Farch=loongarch64&distroversion=v3.23&reponame=community

aliases CVE-2025-53014, GHSA-hm4x-r5hc-794f

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1btu-wnd9-bfbf

url VCID-27wf-43fw-kuam

vulnerability_id VCID-27wf-43fw-kuam

summary

ImageMagick has a Format String Bug in InterpretImageFilename leads to arbitrary code execution
A format string bug vulnerability exists in `InterpretImageFilename` function where user input is directly passed to `FormatLocaleString` without proper sanitization. An attacker can overwrite arbitrary memory regions, enabling a wide range of attacks from heap overflow to remote code execution.
<br>

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55298.json

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55298.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-55298

reference_id

reference_type

scores

value	0.01005
scoring_system	epss
scoring_elements	0.77413
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-55298

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55298
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55298

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/dlemstra/Magick.NET/releases/tag/14.8.1

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-08-26T20:36:37Z/

url

https://github.com/dlemstra/Magick.NET/releases/tag/14.8.1

reference_url

https://github.com/ImageMagick/ImageMagick

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/ImageMagick/ImageMagick

reference_url

https://github.com/ImageMagick/ImageMagick/commit/439b362b93c074eea6c3f834d84982b43ef057d5

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-08-26T20:36:37Z/

url

https://github.com/ImageMagick/ImageMagick/commit/439b362b93c074eea6c3f834d84982b43ef057d5

reference_url

https://lists.debian.org/debian-lts-announce/2025/09/msg00012.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2025/09/msg00012.html

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1111586
reference_id	1111586
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1111586

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2391097
reference_id	2391097
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2391097

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-55298

reference_id

CVE-2025-55298

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-55298

reference_url	https://github.com/advisories/GHSA-9ccg-6pjw-x645
reference_id	GHSA-9ccg-6pjw-x645
reference_type
scores
url	https://github.com/advisories/GHSA-9ccg-6pjw-x645

reference_url

https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-9ccg-6pjw-x645

reference_id

GHSA-9ccg-6pjw-x645

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-08-26T20:36:37Z/

url

https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-9ccg-6pjw-x645

reference_url	https://usn.ubuntu.com/7812-1/
reference_id	USN-7812-1
reference_type
scores
url	https://usn.ubuntu.com/7812-1/

fixed_packages

url	pkg:apk/alpine/imagemagick@7.1.2.8-r0?arch=loongarch64&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/imagemagick@7.1.2.8-r0?arch=loongarch64&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/imagemagick@7.1.2.8-r0%3Farch=loongarch64&distroversion=v3.23&reponame=community

aliases CVE-2025-55298, GHSA-9ccg-6pjw-x645

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-27wf-43fw-kuam

url VCID-5e38-r9z4-a7h9

vulnerability_id VCID-5e38-r9z4-a7h9

summary

ImageMagick CLAHE : Unsigned underflow and division-by-zero lead to OOB pointer arithmetic and process crash (DoS)
A single root cause in the CLAHE implementation — tile width/height becoming zero — produces two distinct but related unsafe behaviors.
Vulnerabilities exists in the `CLAHEImage()` function of ImageMagick’s `MagickCore/enhance.c`.

1. Unsigned integer underflow → out-of-bounds pointer arithmetic (OOB): when `tile_info.height == 0`, the expression `tile_info.height - 1` (unsigned) wraps to a very large value; using that value in pointer arithmetic yields a huge offset and OOB memory access (leading to memory corruption, SIGSEGV, or resource exhaustion).
2. **Division/modulus by zero**: where code performs `... / tile_info.width` or `... % tile_info.height` without re-checking for zero, causing immediate division-by-zero crashes under sanitizers or `abort` at runtime.

Both behaviors are triggered by the same invalid tile condition (e.g., CLI exact `-clahe 0x0!` or automatic tile derivation `dim >> 3 == 0` for very small images).

---

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-62594.json

reference_id

reference_type

scores

value	4.7
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-62594.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-62594

reference_id

reference_type

scores

value	0.00018
scoring_system	epss
scoring_elements	0.04884
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-62594

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/ImageMagick/ImageMagick

reference_id

reference_type

scores

value	4.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/ImageMagick/ImageMagick

reference_url

https://github.com/ImageMagick/ImageMagick/commit/7b47fe369eda90483402fcd3d78fa4167d3bb129

reference_id

reference_type

scores

value	4.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-27T20:23:10Z/

url

https://github.com/ImageMagick/ImageMagick/commit/7b47fe369eda90483402fcd3d78fa4167d3bb129

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1119296
reference_id	1119296
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1119296

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2406644
reference_id	2406644
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2406644

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-62594

reference_id

CVE-2025-62594

reference_type

scores

value	4.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-62594

reference_url

https://github.com/advisories/GHSA-wpp4-vqfq-v4hp

reference_id

GHSA-wpp4-vqfq-v4hp

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-wpp4-vqfq-v4hp

reference_url

https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-wpp4-vqfq-v4hp

reference_id

GHSA-wpp4-vqfq-v4hp

reference_type

scores

value	4.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-27T20:23:10Z/

url

https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-wpp4-vqfq-v4hp

fixed_packages

url	pkg:apk/alpine/imagemagick@7.1.2.8-r0?arch=loongarch64&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/imagemagick@7.1.2.8-r0?arch=loongarch64&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/imagemagick@7.1.2.8-r0%3Farch=loongarch64&distroversion=v3.23&reponame=community

aliases CVE-2025-62594, GHSA-wpp4-vqfq-v4hp

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5e38-r9z4-a7h9

url VCID-893t-wh5q-13ew

vulnerability_id VCID-893t-wh5q-13ew

summary

ImageMagick has Integer Overflow in BMP Decoder (ReadBMP)
CVE-2025-57803 claims to be patched in ImageMagick 7.1.2-2, but **the fix is incomplete and ineffective**. The latest version **7.1.2-5 remains vulnerable** to the same integer overflow attack.

The patch added `BMPOverflowCheck()` but placed it **after** the overflow occurs, making it useless. A malicious 58-byte BMP file can trigger AddressSanitizer crashes and DoS.

**Affected Versions:**
- ImageMagick < 7.1.2-2 (originally reported)
- **ImageMagick 7.1.2-2 through 7.1.2-5 (incomplete patch)**

**Platform and Configuration Requirements:**
- 32-bit systems ONLY (i386, i686, armv7l, etc.)
- Requires `size_t = 4 bytes`. (64-bit systems are **NOT vulnerable** (size_t = 8 bytes))
- Requires modified resource limits: The default `width`, `height`, and `area` limits must have been manually increased (Systems using default ImageMagick resource limits are **NOT vulnerable**).

---

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-62171.json

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-62171.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-62171

reference_id

reference_type

scores

value	0.00076
scoring_system	epss
scoring_elements	0.2295
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-62171

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62171
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62171

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/dlemstra/Magick.NET/releases/tag/14.9.0

reference_id

reference_type

scores

value	4.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/dlemstra/Magick.NET/releases/tag/14.9.0

reference_url

https://github.com/ImageMagick/ImageMagick

reference_id

reference_type

scores

value	4.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/ImageMagick/ImageMagick

reference_url

https://github.com/ImageMagick/ImageMagick/commit/cea1693e2ded51b4cc91c70c54096cbed1691c00

reference_id

reference_type

scores

value	4.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-17T17:05:36Z/

url

https://github.com/ImageMagick/ImageMagick/commit/cea1693e2ded51b4cc91c70c54096cbed1691c00

reference_url

https://lists.debian.org/debian-lts-announce/2025/10/msg00019.html

reference_id

reference_type

scores

value	4.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2025/10/msg00019.html

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1118340
reference_id	1118340
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1118340

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2404735
reference_id	2404735
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2404735

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-62171

reference_id

CVE-2025-62171

reference_type

scores

value	4.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-62171

reference_url

https://github.com/advisories/GHSA-9pp9-cfwx-54rm

reference_id

GHSA-9pp9-cfwx-54rm

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-9pp9-cfwx-54rm

reference_url

https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-9pp9-cfwx-54rm

reference_id

GHSA-9pp9-cfwx-54rm

reference_type

scores

value	4.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-17T17:05:36Z/

url

https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-9pp9-cfwx-54rm

reference_url	https://access.redhat.com/errata/RHSA-2026:3058
reference_id	RHSA-2026:3058
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3058

reference_url	https://usn.ubuntu.com/7876-1/
reference_id	USN-7876-1
reference_type
scores
url	https://usn.ubuntu.com/7876-1/

fixed_packages

url	pkg:apk/alpine/imagemagick@7.1.2.8-r0?arch=loongarch64&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/imagemagick@7.1.2.8-r0?arch=loongarch64&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/imagemagick@7.1.2.8-r0%3Farch=loongarch64&distroversion=v3.23&reponame=community

aliases CVE-2025-62171, GHSA-9pp9-cfwx-54rm

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-893t-wh5q-13ew

url VCID-px2s-euef-ayeh

vulnerability_id VCID-px2s-euef-ayeh

summary

ImageMagick has a Stack Buffer Overflow in image.c
In ImageMagick's `magick mogrify` command, specifying multiple consecutive `%d` format specifiers in a filename template causes internal pointer arithmetic to generate an address below the beginning of the stack buffer, resulting in a stack overflow through `vsnprintf()`.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-53101.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-53101.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-53101

reference_id

reference_type

scores

value	0.0035
scoring_system	epss
scoring_elements	0.57786
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-53101

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-53101
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-53101

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/dlemstra/Magick.NET/releases/tag/14.7.0

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/dlemstra/Magick.NET/releases/tag/14.7.0

reference_url

https://github.com/ImageMagick/ImageMagick

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/ImageMagick/ImageMagick

reference_url

https://github.com/ImageMagick/ImageMagick6/commit/643deeb60803488373cd4799b24d5786af90972e

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/ImageMagick/ImageMagick6/commit/643deeb60803488373cd4799b24d5786af90972e

reference_url

https://github.com/ImageMagick/ImageMagick/commit/66dc8f51c11b0ae1f1cdeacd381c3e9a4de69774

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-15T13:27:44Z/

url

https://github.com/ImageMagick/ImageMagick/commit/66dc8f51c11b0ae1f1cdeacd381c3e9a4de69774

reference_url

https://lists.debian.org/debian-lts-announce/2025/09/msg00012.html

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2025/09/msg00012.html

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109339
reference_id	1109339
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109339

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2379947
reference_id	2379947
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2379947

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-53101

reference_id

CVE-2025-53101

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-53101

reference_url	https://github.com/advisories/GHSA-qh3h-j545-h8c9
reference_id	GHSA-qh3h-j545-h8c9
reference_type
scores
url	https://github.com/advisories/GHSA-qh3h-j545-h8c9

reference_url

https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qh3h-j545-h8c9

reference_id

GHSA-qh3h-j545-h8c9

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-15T13:27:44Z/

url

https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qh3h-j545-h8c9

reference_url	https://usn.ubuntu.com/7728-1/
reference_id	USN-7728-1
reference_type
scores
url	https://usn.ubuntu.com/7728-1/

fixed_packages

url	pkg:apk/alpine/imagemagick@7.1.2.8-r0?arch=loongarch64&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/imagemagick@7.1.2.8-r0?arch=loongarch64&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/imagemagick@7.1.2.8-r0%3Farch=loongarch64&distroversion=v3.23&reponame=community

aliases CVE-2025-53101, GHSA-qh3h-j545-h8c9

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-px2s-euef-ayeh

url VCID-r168-y44g-cybn

vulnerability_id VCID-r168-y44g-cybn

summary

ImageMagick has a Memory Leak in magick stream
In ImageMagick's `magick stream` command, specifying multiple consecutive `%d` format specifiers in a filename template causes a memory leak.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-53019.json

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-53019.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-53019

reference_id

reference_type

scores

value	0.00377
scoring_system	epss
scoring_elements	0.59615
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-53019

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-53019
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-53019

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/dlemstra/Magick.NET/releases/tag/14.7.0

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/dlemstra/Magick.NET/releases/tag/14.7.0

reference_url

https://github.com/ImageMagick/ImageMagick

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/ImageMagick/ImageMagick

reference_url

https://github.com/ImageMagick/ImageMagick6/commit/d49460522669232159c2269fa64f73ed30555c1b

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/ImageMagick/ImageMagick6/commit/d49460522669232159c2269fa64f73ed30555c1b

reference_url

https://github.com/ImageMagick/ImageMagick/commit/fc3ab0812edef903bbb2473c0ee652ddfd04fe5c

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/ImageMagick/ImageMagick/commit/fc3ab0812edef903bbb2473c0ee652ddfd04fe5c

reference_url

https://lists.debian.org/debian-lts-announce/2025/09/msg00012.html

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2025/09/msg00012.html

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109339
reference_id	1109339
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109339

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2379949
reference_id	2379949
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2379949

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-53019

reference_id

CVE-2025-53019

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-53019

reference_url	https://github.com/advisories/GHSA-cfh4-9f7v-fhrc
reference_id	GHSA-cfh4-9f7v-fhrc
reference_type
scores
url	https://github.com/advisories/GHSA-cfh4-9f7v-fhrc

reference_url

https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-cfh4-9f7v-fhrc

reference_id

GHSA-cfh4-9f7v-fhrc

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-15T13:27:49Z/

url

https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-cfh4-9f7v-fhrc

reference_url	https://usn.ubuntu.com/7728-1/
reference_id	USN-7728-1
reference_type
scores
url	https://usn.ubuntu.com/7728-1/

fixed_packages

url	pkg:apk/alpine/imagemagick@7.1.2.8-r0?arch=loongarch64&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/imagemagick@7.1.2.8-r0?arch=loongarch64&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/imagemagick@7.1.2.8-r0%3Farch=loongarch64&distroversion=v3.23&reponame=community

aliases CVE-2025-53019, GHSA-cfh4-9f7v-fhrc

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r168-y44g-cybn

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/imagemagick@7.1.2.8-r0%3Farch=loongarch64&distroversion=v3.23&reponame=community

Package Instance