Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:apk/alpine/imagemagick@7.1.2.8-r0?arch=x86_64&distroversion=v3.22&reponame=community
Typeapk
Namespacealpine
Nameimagemagick
Version7.1.2.8-r0
Qualifiers
arch x86_64
distroversion v3.22
reponame community
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version7.1.2.12-r0
Latest_non_vulnerable_version7.1.2.15-r0
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-5s8n-dfjf-ruey
vulnerability_id VCID-5s8n-dfjf-ruey
summary 
ImageMagick has a Heap Buffer Overflow in InterpretImageFilename
# Heap Buffer Overflow in InterpretImageFilename

## Summary
A heap buffer overflow was identified in the `InterpretImageFilename` function of ImageMagick. The issue stems from an off-by-one error that causes out-of-bounds memory access when processing format strings containing consecutive percent signs (`%%`).

## Environment
- **OS**: Arch Linux (Linux gmkhost 6.14.2-arch1-1 # 1 SMP PREEMPT_DYNAMIC Thu, 10 Apr 2025 18:43:59 +0000 x86_64 GNU/Linux (GNU libc) 2.41)
- **Architecture**: x86_64
- **Compiler**: gcc (GCC) 15.1.1 20250425

## Reproduction

### Build Instructions
```bash
# Clone the repository
git clone https://github.com/ImageMagick/ImageMagick.git
cd ImageMagick
git reset --hard 8fff9b4f44d2e8b5cae2bd6db70930a144d15f12

# Build with AddressSanitizer
export CFLAGS="-fsanitize=address -g -O1"
export CXXFLAGS="-fsanitize=address -g -O1"
export LDFLAGS="-fsanitizer=address"
./configure
make

# Set library path and trigger the crash
export LD_LIBRARY_PATH="$(pwd)/MagickWand/.libs:$(pwd)/MagickCore/.libs:$LD_LIBRARY_PATH"
./utilities/.libs/magick %% a
```

### Minimum Trigger
```bash
./utilities/.libs/magick %% [any_output_filename]
```

## Crash Analysis

### AddressSanitizer Output
```
$ ./utilities/.libs/magick %% a
=================================================================
==2227694==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x7037f99e3ad3 at pc 0x741801e81a17 bp 0x7ffd22fa4e00 sp 0x7ffd22fa45b8
READ of size 1 at 0x7037f99e3ad3 thread T0
    #0 0x741801e81a16 in strchr /usr/src/debug/gcc/gcc/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:746
    #1 0x7418013b4f06 in InterpretImageFilename MagickCore/image.c:1674
    #2 0x7418012826a3 in ReadImages MagickCore/constitute.c:1040
    #3 0x741800e4696b in CLINoImageOperator MagickWand/operation.c:4959
    #4 0x741800e64de7 in CLIOption MagickWand/operation.c:5473
    #5 0x741800d92edf in ProcessCommandOptions MagickWand/magick-cli.c:653
    #6 0x741800d94816 in MagickImageCommand MagickWand/magick-cli.c:1392
    #7 0x741800d913e4 in MagickCommandGenesis MagickWand/magick-cli.c:177
    #8 0x5ef7a3546638 in MagickMain utilities/magick.c:162
    #9 0x5ef7a3546872 in main utilities/magick.c:193
    #10 0x7417ff53f6b4  (/usr/lib/libc.so.6+0x276b4) (BuildId: 468e3585c794491a48ea75fceb9e4d6b1464fc35)
    #11 0x7417ff53f768 in __libc_start_main (/usr/lib/libc.so.6+0x27768) (BuildId: 468e3585c794491a48ea75fceb9e4d6b1464fc35)
    #12 0x5ef7a3546204 in _start (/home/kforfk/workspace/fuzz_analysis/saigen/ImageMagick/utilities/.libs/magick+0x2204) (BuildId: 96677b60628cf297eaedb3eb17b87000d29403f2)

0x7037f99e3ad3 is located 0 bytes after 3-byte region [0x7037f99e3ad0,0x7037f99e3ad3)
allocated by thread T0 here:
    #0 0x741801f20e15 in malloc /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_malloc_linux.cpp:67
    #1 0x7418013e86bc in AcquireMagickMemory MagickCore/memory.c:559

SUMMARY: AddressSanitizer: heap-buffer-overflow MagickCore/image.c:1674 in InterpretImageFilename
Shadow bytes around the buggy address:
  0x7037f99e3800: fa fa 07 fa fa fa 00 fa fa fa fd fa fa fa fd fa
  0x7037f99e3880: fa fa 07 fa fa fa 00 fa fa fa fd fa fa fa fd fa
  0x7037f99e3900: fa fa 07 fa fa fa 00 fa fa fa fd fa fa fa fd fa
  0x7037f99e3980: fa fa 07 fa fa fa 00 fa fa fa fd fa fa fa fd fa
  0x7037f99e3a00: fa fa 07 fa fa fa fd fa fa fa fd fa fa fa 00 04
=>0x7037f99e3a80: fa fa 00 04 fa fa 00 00 fa fa[03]fa fa fa 03 fa
  0x7037f99e3b00: fa fa 00 01 fa fa fa fa fa fa fa fa fa fa fa fa
  0x7037f99e3b80: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x7037f99e3c00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x7037f99e3c80: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x7037f99e3d00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==2227694==ABORTING
```

## Root Cause Analysis
The first command line argument is interpreted as `MagickImageCommand`:
https://github.com/ImageMagick/ImageMagick/blob/8fff9b4f44d2e8b5cae2bd6db70930a144d15f12/utilities/magick.c#L83
```c
const CommandInfo
  MagickCommands[] =
  {
    MagickCommandSize("magick", MagickFalse, MagickImageCommand),
```

It is invoked here:
https://github.com/ImageMagick/ImageMagick/blob/8fff9b4f44d2e8b5cae2bd6db70930a144d15f12/MagickWand/magick-cli.c#L220
```c
status=command(image_info,argc,argv,&text,exception);
```

The execution then follows this path:
- https://github.com/ImageMagick/ImageMagick/blob/8fff9b4f44d2e8b5cae2bd6db70930a144d15f12/MagickWand/magick-cli.c#L1387
- https://github.com/ImageMagick/ImageMagick/blob/8fff9b4f44d2e8b5cae2bd6db70930a144d15f12/MagickWand/magick-cli.c#L586
- https://github.com/ImageMagick/ImageMagick/blob/8fff9b4f44d2e8b5cae2bd6db70930a144d15f12/MagickWand/magick-cli.c#L419
- https://github.com/ImageMagick/ImageMagick/blob/8fff9b4f44d2e8b5cae2bd6db70930a144d15f12/MagickWand/operation.c#L5391
- https://github.com/ImageMagick/ImageMagick/blob/8fff9b4f44d2e8b5cae2bd6db70930a144d15f12/MagickWand/operation.c#L5473
- https://github.com/ImageMagick/ImageMagick/blob/8fff9b4f44d2e8b5cae2bd6db70930a144d15f12/MagickWand/operation.c#L4959
- https://github.com/ImageMagick/ImageMagick/blob/8fff9b4f44d2e8b5cae2bd6db70930a144d15f12/MagickCore/constitute.c#L1009
- https://github.com/ImageMagick/ImageMagick/blob/8fff9b4f44d2e8b5cae2bd6db70930a144d15f12/MagickCore/constitute.c#L1039
- https://github.com/ImageMagick/ImageMagick/blob/8fff9b4f44d2e8b5cae2bd6db70930a144d15f12/MagickCore/image.c#L1649
- https://github.com/ImageMagick/ImageMagick/blob/8fff9b4f44d2e8b5cae2bd6db70930a144d15f12/MagickCore/image.c#L1674

The execution eventually reaches `InterpretImageFilename` and enters a loop. The `format` variable here is `"%%"`. At this point, it is safe to access `*(format + 2)` but not safe to access `*(format + 3)`.

```c
for (p=strchr(format,'%'); p != (char *) NULL; p=strchr(p+1,'%'))
{
  q=(char *) p+1;
  if (*q == '%')
    {
      p=q+1;
      continue;
    }
```

The first `strchr` call returns a pointer equal to `format` and assigns it to `p`. Then `q` is initialized with `p + 1` (`format + 1`), and `*q` is `'%'`, so the code enters the if branch. Here, `p` is reassigned to `q + 1` (`format + 2`).

In the next iteration, `p + 1` (`format + 3`) is passed to `strchr`, and when `strchr` accesses it, this causes an out-of-bounds read.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-53014.json
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-53014.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-53014
reference_id
reference_type
scores
0
value 0.00051
scoring_system epss
scoring_elements 0.15795
published_at 2026-04-08T12:55:00Z
1
value 0.00051
scoring_system epss
scoring_elements 0.1571
published_at 2026-04-07T12:55:00Z
2
value 0.00051
scoring_system epss
scoring_elements 0.1591
published_at 2026-04-04T12:55:00Z
3
value 0.00051
scoring_system epss
scoring_elements 0.15844
published_at 2026-04-02T12:55:00Z
4
value 0.00056
scoring_system epss
scoring_elements 0.17525
published_at 2026-04-29T12:55:00Z
5
value 0.00056
scoring_system epss
scoring_elements 0.17768
published_at 2026-04-09T12:55:00Z
6
value 0.00056
scoring_system epss
scoring_elements 0.17786
published_at 2026-04-11T12:55:00Z
7
value 0.00056
scoring_system epss
scoring_elements 0.1774
published_at 2026-04-12T12:55:00Z
8
value 0.00056
scoring_system epss
scoring_elements 0.17693
published_at 2026-04-13T12:55:00Z
9
value 0.00056
scoring_system epss
scoring_elements 0.17639
published_at 2026-04-16T12:55:00Z
10
value 0.00056
scoring_system epss
scoring_elements 0.17647
published_at 2026-04-18T12:55:00Z
11
value 0.00056
scoring_system epss
scoring_elements 0.17685
published_at 2026-04-21T12:55:00Z
12
value 0.00056
scoring_system epss
scoring_elements 0.17596
published_at 2026-04-24T12:55:00Z
13
value 0.00056
scoring_system epss
scoring_elements 0.17573
published_at 2026-04-26T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-53014
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-53014
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-53014
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/dlemstra/Magick.NET/releases/tag/14.7.0
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/dlemstra/Magick.NET/releases/tag/14.7.0
5
reference_url https://github.com/ImageMagick/ImageMagick
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/ImageMagick/ImageMagick
6
reference_url https://github.com/ImageMagick/ImageMagick6/commit/79b6ed03770781d996d1710b89fbb887e5ea758a
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/ImageMagick/ImageMagick6/commit/79b6ed03770781d996d1710b89fbb887e5ea758a
7
reference_url https://github.com/ImageMagick/ImageMagick/commit/29d82726c7ec20c07c49ba263bdcea16c2618e03
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/ImageMagick/ImageMagick/commit/29d82726c7ec20c07c49ba263bdcea16c2618e03
8
reference_url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-hm4x-r5hc-794f
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system cvssv3.1_qr
scoring_elements
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-14T18:26:03Z/
url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-hm4x-r5hc-794f
9
reference_url https://lists.debian.org/debian-lts-announce/2025/09/msg00012.html
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/09/msg00012.html
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-53014
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-53014
11
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109339
reference_id 1109339
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109339
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2379941
reference_id 2379941
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2379941
13
reference_url https://github.com/advisories/GHSA-hm4x-r5hc-794f
reference_id GHSA-hm4x-r5hc-794f
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hm4x-r5hc-794f
14
reference_url https://usn.ubuntu.com/7728-1/
reference_id USN-7728-1
reference_type
scores
url https://usn.ubuntu.com/7728-1/
fixed_packages
0
url pkg:apk/alpine/imagemagick@7.1.2.8-r0?arch=x86_64&distroversion=v3.22&reponame=community
purl pkg:apk/alpine/imagemagick@7.1.2.8-r0?arch=x86_64&distroversion=v3.22&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/imagemagick@7.1.2.8-r0%3Farch=x86_64&distroversion=v3.22&reponame=community
aliases CVE-2025-53014, GHSA-hm4x-r5hc-794f
risk_score 1.6
exploitability 0.5
weighted_severity 3.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5s8n-dfjf-ruey
1
url VCID-jtkv-nvan-jbag
vulnerability_id VCID-jtkv-nvan-jbag
summary 
ImageMagick has Integer Overflow in BMP Decoder (ReadBMP)
CVE-2025-57803 claims to be patched in ImageMagick 7.1.2-2, but **the fix is incomplete and ineffective**. The latest version **7.1.2-5 remains vulnerable** to the same integer overflow attack.

The patch added `BMPOverflowCheck()` but placed it **after** the overflow occurs, making it useless. A malicious 58-byte BMP file can trigger AddressSanitizer crashes and DoS.

**Affected Versions:**
- ImageMagick < 7.1.2-2 (originally reported)
- **ImageMagick 7.1.2-2 through 7.1.2-5 (incomplete patch)**

**Platform and Configuration Requirements:**
- 32-bit systems ONLY (i386, i686, armv7l, etc.)
- Requires `size_t = 4 bytes`. (64-bit systems are **NOT vulnerable** (size_t = 8 bytes))
- Requires modified resource limits: The default `width`, `height`, and `area` limits must have been manually increased (Systems using default ImageMagick resource limits are **NOT vulnerable**).

---
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-62171.json
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-62171.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-62171
reference_id
reference_type
scores
0
value 0.00074
scoring_system epss
scoring_elements 0.22232
published_at 2026-04-29T12:55:00Z
1
value 0.00074
scoring_system epss
scoring_elements 0.22237
published_at 2026-04-26T12:55:00Z
2
value 0.00074
scoring_system epss
scoring_elements 0.22251
published_at 2026-04-24T12:55:00Z
3
value 0.00074
scoring_system epss
scoring_elements 0.22454
published_at 2026-04-18T12:55:00Z
4
value 0.00074
scoring_system epss
scoring_elements 0.22458
published_at 2026-04-16T12:55:00Z
5
value 0.00074
scoring_system epss
scoring_elements 0.22383
published_at 2026-04-07T12:55:00Z
6
value 0.00074
scoring_system epss
scoring_elements 0.22496
published_at 2026-04-12T12:55:00Z
7
value 0.00074
scoring_system epss
scoring_elements 0.22537
published_at 2026-04-11T12:55:00Z
8
value 0.00074
scoring_system epss
scoring_elements 0.22552
published_at 2026-04-02T12:55:00Z
9
value 0.00074
scoring_system epss
scoring_elements 0.22519
published_at 2026-04-09T12:55:00Z
10
value 0.00074
scoring_system epss
scoring_elements 0.22464
published_at 2026-04-08T12:55:00Z
11
value 0.00074
scoring_system epss
scoring_elements 0.22595
published_at 2026-04-04T12:55:00Z
12
value 0.00074
scoring_system epss
scoring_elements 0.22442
published_at 2026-04-13T12:55:00Z
13
value 0.00076
scoring_system epss
scoring_elements 0.22694
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-62171
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62171
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62171
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/dlemstra/Magick.NET/releases/tag/14.9.0
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/dlemstra/Magick.NET/releases/tag/14.9.0
5
reference_url https://github.com/ImageMagick/ImageMagick
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ImageMagick/ImageMagick
6
reference_url https://github.com/ImageMagick/ImageMagick/commit/cea1693e2ded51b4cc91c70c54096cbed1691c00
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-17T17:05:36Z/
url https://github.com/ImageMagick/ImageMagick/commit/cea1693e2ded51b4cc91c70c54096cbed1691c00
7
reference_url https://lists.debian.org/debian-lts-announce/2025/10/msg00019.html
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/10/msg00019.html
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1118340
reference_id 1118340
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1118340
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2404735
reference_id 2404735
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2404735
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-62171
reference_id CVE-2025-62171
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-62171
11
reference_url https://github.com/advisories/GHSA-9pp9-cfwx-54rm
reference_id GHSA-9pp9-cfwx-54rm
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9pp9-cfwx-54rm
12
reference_url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-9pp9-cfwx-54rm
reference_id GHSA-9pp9-cfwx-54rm
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-17T17:05:36Z/
url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-9pp9-cfwx-54rm
13
reference_url https://access.redhat.com/errata/RHSA-2026:3058
reference_id RHSA-2026:3058
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3058
14
reference_url https://usn.ubuntu.com/7876-1/
reference_id USN-7876-1
reference_type
scores
url https://usn.ubuntu.com/7876-1/
fixed_packages
0
url pkg:apk/alpine/imagemagick@7.1.2.8-r0?arch=x86_64&distroversion=v3.22&reponame=community
purl pkg:apk/alpine/imagemagick@7.1.2.8-r0?arch=x86_64&distroversion=v3.22&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/imagemagick@7.1.2.8-r0%3Farch=x86_64&distroversion=v3.22&reponame=community
aliases CVE-2025-62171, GHSA-9pp9-cfwx-54rm
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jtkv-nvan-jbag
2
url VCID-vkp6-wh22-eqap
vulnerability_id VCID-vkp6-wh22-eqap
summary 
ImageMagick CLAHE : Unsigned underflow and division-by-zero lead to OOB pointer arithmetic and process crash (DoS)
A single root cause in the CLAHE implementation — tile width/height becoming zero — produces two distinct but related unsafe behaviors.
Vulnerabilities exists in the `CLAHEImage()` function of ImageMagick’s `MagickCore/enhance.c`.

1. Unsigned integer underflow → out-of-bounds pointer arithmetic (OOB): when `tile_info.height == 0`, the expression `tile_info.height - 1` (unsigned) wraps to a very large value; using that value in pointer arithmetic yields a huge offset and OOB memory access (leading to memory corruption, SIGSEGV, or resource exhaustion).
2. **Division/modulus by zero**: where code performs `... / tile_info.width` or `... % tile_info.height` without re-checking for zero, causing immediate division-by-zero crashes under sanitizers or `abort` at runtime.

Both behaviors are triggered by the same invalid tile condition (e.g., CLI exact `-clahe 0x0!` or automatic tile derivation `dim >> 3 == 0` for very small images).

---
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-62594.json
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-62594.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-62594
reference_id
reference_type
scores
0
value 0.00014
scoring_system epss
scoring_elements 0.02624
published_at 2026-04-04T12:55:00Z
1
value 0.00014
scoring_system epss
scoring_elements 0.0261
published_at 2026-04-02T12:55:00Z
2
value 0.00017
scoring_system epss
scoring_elements 0.04046
published_at 2026-04-24T12:55:00Z
3
value 0.00017
scoring_system epss
scoring_elements 0.04036
published_at 2026-04-21T12:55:00Z
4
value 0.00017
scoring_system epss
scoring_elements 0.03915
published_at 2026-04-18T12:55:00Z
5
value 0.00017
scoring_system epss
scoring_elements 0.03903
published_at 2026-04-16T12:55:00Z
6
value 0.00017
scoring_system epss
scoring_elements 0.0392
published_at 2026-04-13T12:55:00Z
7
value 0.00017
scoring_system epss
scoring_elements 0.03973
published_at 2026-04-08T12:55:00Z
8
value 0.00017
scoring_system epss
scoring_elements 0.04101
published_at 2026-04-29T12:55:00Z
9
value 0.00017
scoring_system epss
scoring_elements 0.04054
published_at 2026-04-26T12:55:00Z
10
value 0.00017
scoring_system epss
scoring_elements 0.03967
published_at 2026-04-11T12:55:00Z
11
value 0.00017
scoring_system epss
scoring_elements 0.03968
published_at 2026-04-07T12:55:00Z
12
value 0.00017
scoring_system epss
scoring_elements 0.03998
published_at 2026-04-09T12:55:00Z
13
value 0.00017
scoring_system epss
scoring_elements 0.0395
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-62594
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/ImageMagick/ImageMagick
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ImageMagick/ImageMagick
4
reference_url https://github.com/ImageMagick/ImageMagick/commit/7b47fe369eda90483402fcd3d78fa4167d3bb129
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-27T20:23:10Z/
url https://github.com/ImageMagick/ImageMagick/commit/7b47fe369eda90483402fcd3d78fa4167d3bb129
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1119296
reference_id 1119296
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1119296
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2406644
reference_id 2406644
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2406644
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-62594
reference_id CVE-2025-62594
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-62594
8
reference_url https://github.com/advisories/GHSA-wpp4-vqfq-v4hp
reference_id GHSA-wpp4-vqfq-v4hp
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wpp4-vqfq-v4hp
9
reference_url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-wpp4-vqfq-v4hp
reference_id GHSA-wpp4-vqfq-v4hp
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-27T20:23:10Z/
url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-wpp4-vqfq-v4hp
fixed_packages
0
url pkg:apk/alpine/imagemagick@7.1.2.8-r0?arch=x86_64&distroversion=v3.22&reponame=community
purl pkg:apk/alpine/imagemagick@7.1.2.8-r0?arch=x86_64&distroversion=v3.22&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/imagemagick@7.1.2.8-r0%3Farch=x86_64&distroversion=v3.22&reponame=community
aliases CVE-2025-62594, GHSA-wpp4-vqfq-v4hp
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vkp6-wh22-eqap
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:apk/alpine/imagemagick@7.1.2.8-r0%3Farch=x86_64&distroversion=v3.22&reponame=community