Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/57981?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57981?format=api", "vulnerability_id": "VCID-8az1-gpaq-2kej", "summary": "ImageMagick (WriteBMPImage): 32-bit integer overflow when writing BMP scanline stride → heap buffer overflow\nA 32-bit integer overflow in the BMP encoder’s scanline-stride computation collapses `bytes_per_line` (stride) to a tiny value while the per-row writer still emits `3 × width` bytes for 24-bpp images. The row base pointer advances using the (overflowed) stride, so the first row immediately writes past its slot and into adjacent heap memory with attacker-controlled bytes. This is a classic, powerful primitive for heap corruption in common auto-convert pipelines.\n\n- **Impact:** Attacker-controlled heap out-of-bounds (OOB) write during conversion **to BMP**.\n\n- **Surface:** Typical upload → normalize/thumbnail → `magick ... out.bmp` workers.\n\n- **32-bit:** **Vulnerable** (reproduced with ASan).\n\n- **64-bit:** Safe from this specific integer overflow (IOF) by arithmetic, but still add product/size guards.\n\n- **Proposed severity:** **Critical 9.8** (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). This rating is the reporter’s proposal; the CVSS scores recorded under `references` in this record are 7.5 (8.5 from SUSE), all with AC:H/PR:L.\n\n\n---\n\n\nAdd checked arithmetic around stride computation and enforce a per-row invariant so that the number of bytes emitted per row (row_bytes) always fits within the computed stride (bytes_per_line). 
Guard multiplication/addition and product computations used for header fields and allocation sizes, and fail early with a clear WidthOrHeightExceedsLimit/ResourceLimitError when values exceed safe bounds.\n\nConcretely:\n\n- Validate width and bits_per_pixel before the stride formula to ensure (width*bpp + 31) cannot overflow a size_t.\n- Compute row_bytes for the chosen bpp and assert row_bytes <= bytes_per_line.\n- Bound rows * stride before allocating and ensure biSizeImage (DIB 32-bit) cannot overflow.\n\nA full suggested guarded implementation is provided in Appendix A — Full patch (for maintainers) of the original advisory; that appendix is not included in this summary.\n\n---", "aliases": [ { "alias": "CVE-2025-57803" }, { "alias": "GHSA-mxvv-97wh-cfmm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/415127?format=api", "purl": "pkg:apk/alpine/imagemagick@7.1.2.8-r0?arch=aarch64&distroversion=edge&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/imagemagick@7.1.2.8-r0%3Farch=aarch64&distroversion=edge&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/415128?format=api", "purl": "pkg:apk/alpine/imagemagick@7.1.2.8-r0?arch=armhf&distroversion=edge&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/imagemagick@7.1.2.8-r0%3Farch=armhf&distroversion=edge&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/415129?format=api", "purl": "pkg:apk/alpine/imagemagick@7.1.2.8-r0?arch=armv7&distroversion=edge&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/imagemagick@7.1.2.8-r0%3Farch=armv7&distroversion=edge&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/415130?format=api", "purl": 
"pkg:apk/alpine/imagemagick@7.1.2.8-r0?arch=loongarch64&distroversion=edge&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/imagemagick@7.1.2.8-r0%3Farch=loongarch64&distroversion=edge&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/415131?format=api", "purl": "pkg:apk/alpine/imagemagick@7.1.2.8-r0?arch=ppc64le&distroversion=edge&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/imagemagick@7.1.2.8-r0%3Farch=ppc64le&distroversion=edge&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/415132?format=api", "purl": "pkg:apk/alpine/imagemagick@7.1.2.8-r0?arch=riscv64&distroversion=edge&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/imagemagick@7.1.2.8-r0%3Farch=riscv64&distroversion=edge&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/415133?format=api", "purl": "pkg:apk/alpine/imagemagick@7.1.2.8-r0?arch=s390x&distroversion=edge&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/imagemagick@7.1.2.8-r0%3Farch=s390x&distroversion=edge&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/415134?format=api", "purl": "pkg:apk/alpine/imagemagick@7.1.2.8-r0?arch=x86&distroversion=edge&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/imagemagick@7.1.2.8-r0%3Farch=x86&distroversion=edge&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/415135?format=api", "purl": 
"pkg:apk/alpine/imagemagick@7.1.2.8-r0?arch=x86_64&distroversion=edge&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/imagemagick@7.1.2.8-r0%3Farch=x86_64&distroversion=edge&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/99005?format=api", "purl": "pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.3%2Bdeb11u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hr11-5edt-5ugu" }, { "vulnerability": "VCID-z5ve-fkb6-8yhs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.3%252Bdeb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/99299?format=api", "purl": "pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.3%2Bdeb11u6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.3%252Bdeb11u6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/99297?format=api", "purl": "pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.6%2Bdeb12u4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.6%252Bdeb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/99003?format=api", "purl": "pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.6%2Bdeb12u9?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-z5ve-fkb6-8yhs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.6%252Bdeb12u9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/99307?format=api", "purl": 
"pkg:deb/debian/imagemagick@8:7.1.1.43%2Bdfsg1-1%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:7.1.1.43%252Bdfsg1-1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/99008?format=api", "purl": "pkg:deb/debian/imagemagick@8:7.1.1.43%2Bdfsg1-1%2Bdeb13u8?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-z5ve-fkb6-8yhs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:7.1.1.43%252Bdfsg1-1%252Bdeb13u8%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/99308?format=api", "purl": "pkg:deb/debian/imagemagick@8:7.1.2.3%2Bdfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:7.1.2.3%252Bdfsg1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/99006?format=api", "purl": "pkg:deb/debian/imagemagick@8:7.1.2.23%2Bdfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:7.1.2.23%252Bdfsg1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/99007?format=api", "purl": "pkg:deb/debian/imagemagick@8:7.1.2.24%2Bdfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:7.1.2.24%252Bdfsg1-1%3Fdistro=trixie" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/103113?format=api", "purl": "pkg:rpm/redhat/ImageMagick@6.9.10.68-9?arch=el7_9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8az1-gpaq-2kej" } ], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/ImageMagick@6.9.10.68-9%3Farch=el7_9" } ], "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-57803.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-57803.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-57803", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00136", "scoring_system": "epss", "scoring_elements": "0.33267", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-57803" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57803", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57803" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.8.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-24T03:55:19Z/" } ], "url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.8.1" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick", "reference_id": "", "reference_type": "", 
"scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ImageMagick/ImageMagick" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick/commit/2c55221f4d38193adcb51056c14cf238fbcc35d7", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-24T03:55:19Z/" } ], "url": "https://github.com/ImageMagick/ImageMagick/commit/2c55221f4d38193adcb51056c14cf238fbcc35d7" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00012.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00012.html" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1112469", "reference_id": "1112469", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1112469" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2391093", "reference_id": "2391093", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2391093" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-57803", "reference_id": "CVE-2025-57803", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": 
"generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-57803" }, { "reference_url": "https://github.com/advisories/GHSA-mxvv-97wh-cfmm", "reference_id": "GHSA-mxvv-97wh-cfmm", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-mxvv-97wh-cfmm" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-mxvv-97wh-cfmm", "reference_id": "GHSA-mxvv-97wh-cfmm", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-24T03:55:19Z/" } ], "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-mxvv-97wh-cfmm" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16313", "reference_id": "RHSA-2025:16313", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16313" }, { "reference_url": "https://usn.ubuntu.com/7812-1/", "reference_id": "USN-7812-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7812-1/" } ], "weaknesses": [ { "cwe_id": 122, "name": "Heap-based Buffer Overflow", "description": "A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc()." }, { "cwe_id": 190, "name": "Integer Overflow or Wraparound", "description": "The product performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control." 
}, { "cwe_id": 937, "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013." }, { "cwe_id": 1035, "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017." } ], "exploits": [], "severity_range_score": "7.0 - 8.9", "exploitability": "0.5", "weighted_severity": "8.0", "risk_score": 4.0, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8az1-gpaq-2kej" }