Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-8az1-gpaq-2kej
Summary
ImageMagick (WriteBMPImage): 32-bit integer overflow when writing BMP scanline stride → heap buffer overflow
A 32-bit integer overflow in the BMP encoder’s scanline-stride computation collapses `bytes_per_line` (stride) to a tiny value while the per-row writer still emits `3 × width` bytes for 24-bpp images. The row base pointer advances using the (overflowed) stride, so the first row immediately writes past its slot and into adjacent heap memory with attacker-controlled bytes. This is a classic, powerful primitive for heap corruption in common auto-convert pipelines.

- **Impact:** Attacker-controlled heap out-of-bounds (OOB) write during conversion **to BMP**.

- **Surface:** Typical upload → normalize/thumbnail → `magick ... out.bmp` workers.

- **32-bit:** **Vulnerable** (reproduced with ASan).

- **64-bit:** Safe from this specific integer overflow (IOF) by arithmetic, but still add product/size guards.

- **Proposed severity:** **Critical 9.8** (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).


---


Add checked arithmetic around stride computation and enforce a per-row invariant so that the number of bytes emitted per row (row_bytes) always fits within the computed stride (bytes_per_line). Guard multiplication/addition and product computations used for header fields and allocation sizes, and fail early with a clear WidthOrHeightExceedsLimit/ResourceLimitError when values exceed safe bounds.

Concretely:

- Validate width and bits_per_pixel before the stride formula to ensure (width*bpp + 31) cannot overflow a size_t.
- Compute row_bytes for the chosen bpp and assert row_bytes <= bytes_per_line.
- Bound rows * stride before allocating and ensure biSizeImage (DIB 32-bit) cannot overflow.

A full suggested guarded implementation is provided in Appendix A — Full patch (for maintainers).

---
Aliases
0
alias CVE-2025-57803
1
alias GHSA-mxvv-97wh-cfmm
Fixed_packages
0
url pkg:apk/alpine/imagemagick@7.1.2.8-r0?arch=aarch64&distroversion=edge&reponame=community
purl pkg:apk/alpine/imagemagick@7.1.2.8-r0?arch=aarch64&distroversion=edge&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/imagemagick@7.1.2.8-r0%3Farch=aarch64&distroversion=edge&reponame=community
1
url pkg:apk/alpine/imagemagick@7.1.2.8-r0?arch=armhf&distroversion=edge&reponame=community
purl pkg:apk/alpine/imagemagick@7.1.2.8-r0?arch=armhf&distroversion=edge&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/imagemagick@7.1.2.8-r0%3Farch=armhf&distroversion=edge&reponame=community
2
url pkg:apk/alpine/imagemagick@7.1.2.8-r0?arch=armv7&distroversion=edge&reponame=community
purl pkg:apk/alpine/imagemagick@7.1.2.8-r0?arch=armv7&distroversion=edge&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/imagemagick@7.1.2.8-r0%3Farch=armv7&distroversion=edge&reponame=community
3
url pkg:apk/alpine/imagemagick@7.1.2.8-r0?arch=loongarch64&distroversion=edge&reponame=community
purl pkg:apk/alpine/imagemagick@7.1.2.8-r0?arch=loongarch64&distroversion=edge&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/imagemagick@7.1.2.8-r0%3Farch=loongarch64&distroversion=edge&reponame=community
4
url pkg:apk/alpine/imagemagick@7.1.2.8-r0?arch=ppc64le&distroversion=edge&reponame=community
purl pkg:apk/alpine/imagemagick@7.1.2.8-r0?arch=ppc64le&distroversion=edge&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/imagemagick@7.1.2.8-r0%3Farch=ppc64le&distroversion=edge&reponame=community
5
url pkg:apk/alpine/imagemagick@7.1.2.8-r0?arch=riscv64&distroversion=edge&reponame=community
purl pkg:apk/alpine/imagemagick@7.1.2.8-r0?arch=riscv64&distroversion=edge&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/imagemagick@7.1.2.8-r0%3Farch=riscv64&distroversion=edge&reponame=community
6
url pkg:apk/alpine/imagemagick@7.1.2.8-r0?arch=s390x&distroversion=edge&reponame=community
purl pkg:apk/alpine/imagemagick@7.1.2.8-r0?arch=s390x&distroversion=edge&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/imagemagick@7.1.2.8-r0%3Farch=s390x&distroversion=edge&reponame=community
7
url pkg:apk/alpine/imagemagick@7.1.2.8-r0?arch=x86&distroversion=edge&reponame=community
purl pkg:apk/alpine/imagemagick@7.1.2.8-r0?arch=x86&distroversion=edge&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/imagemagick@7.1.2.8-r0%3Farch=x86&distroversion=edge&reponame=community
8
url pkg:apk/alpine/imagemagick@7.1.2.8-r0?arch=x86_64&distroversion=edge&reponame=community
purl pkg:apk/alpine/imagemagick@7.1.2.8-r0?arch=x86_64&distroversion=edge&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/imagemagick@7.1.2.8-r0%3Farch=x86_64&distroversion=edge&reponame=community
9
url pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.3%2Bdeb11u4?distro=trixie
purl pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.3%2Bdeb11u4?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hr11-5edt-5ugu
1
vulnerability VCID-z5ve-fkb6-8yhs
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.3%252Bdeb11u4%3Fdistro=trixie
10
url pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.3%2Bdeb11u6?distro=trixie
purl pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.3%2Bdeb11u6?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.3%252Bdeb11u6%3Fdistro=trixie
11
url pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.6%2Bdeb12u4?distro=trixie
purl pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.6%2Bdeb12u4?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.6%252Bdeb12u4%3Fdistro=trixie
12
url pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.6%2Bdeb12u9?distro=trixie
purl pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.6%2Bdeb12u9?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-z5ve-fkb6-8yhs
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.6%252Bdeb12u9%3Fdistro=trixie
13
url pkg:deb/debian/imagemagick@8:7.1.1.43%2Bdfsg1-1%2Bdeb13u2?distro=trixie
purl pkg:deb/debian/imagemagick@8:7.1.1.43%2Bdfsg1-1%2Bdeb13u2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:7.1.1.43%252Bdfsg1-1%252Bdeb13u2%3Fdistro=trixie
14
url pkg:deb/debian/imagemagick@8:7.1.1.43%2Bdfsg1-1%2Bdeb13u8?distro=trixie
purl pkg:deb/debian/imagemagick@8:7.1.1.43%2Bdfsg1-1%2Bdeb13u8?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-z5ve-fkb6-8yhs
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:7.1.1.43%252Bdfsg1-1%252Bdeb13u8%3Fdistro=trixie
15
url pkg:deb/debian/imagemagick@8:7.1.2.3%2Bdfsg1-1?distro=trixie
purl pkg:deb/debian/imagemagick@8:7.1.2.3%2Bdfsg1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:7.1.2.3%252Bdfsg1-1%3Fdistro=trixie
16
url pkg:deb/debian/imagemagick@8:7.1.2.23%2Bdfsg1-1?distro=trixie
purl pkg:deb/debian/imagemagick@8:7.1.2.23%2Bdfsg1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:7.1.2.23%252Bdfsg1-1%3Fdistro=trixie
17
url pkg:deb/debian/imagemagick@8:7.1.2.24%2Bdfsg1-1?distro=trixie
purl pkg:deb/debian/imagemagick@8:7.1.2.24%2Bdfsg1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:7.1.2.24%252Bdfsg1-1%3Fdistro=trixie
Affected_packages
0
url pkg:rpm/redhat/ImageMagick@6.9.10.68-9?arch=el7_9
purl pkg:rpm/redhat/ImageMagick@6.9.10.68-9?arch=el7_9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8az1-gpaq-2kej
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/ImageMagick@6.9.10.68-9%3Farch=el7_9
References
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-57803.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-57803.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-57803
reference_id
reference_type
scores
0
value 0.00136
scoring_system epss
scoring_elements 0.33267
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-57803
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57803
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57803
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/dlemstra/Magick.NET/releases/tag/14.8.1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-24T03:55:19Z/
url https://github.com/dlemstra/Magick.NET/releases/tag/14.8.1
5
reference_url https://github.com/ImageMagick/ImageMagick
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/ImageMagick/ImageMagick
6
reference_url https://github.com/ImageMagick/ImageMagick/commit/2c55221f4d38193adcb51056c14cf238fbcc35d7
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-24T03:55:19Z/
url https://github.com/ImageMagick/ImageMagick/commit/2c55221f4d38193adcb51056c14cf238fbcc35d7
7
reference_url https://lists.debian.org/debian-lts-announce/2025/09/msg00012.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/09/msg00012.html
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1112469
reference_id 1112469
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1112469
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2391093
reference_id 2391093
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2391093
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-57803
reference_id CVE-2025-57803
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-57803
11
reference_url https://github.com/advisories/GHSA-mxvv-97wh-cfmm
reference_id GHSA-mxvv-97wh-cfmm
reference_type
scores
url https://github.com/advisories/GHSA-mxvv-97wh-cfmm
12
reference_url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-mxvv-97wh-cfmm
reference_id GHSA-mxvv-97wh-cfmm
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-24T03:55:19Z/
url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-mxvv-97wh-cfmm
13
reference_url https://access.redhat.com/errata/RHSA-2025:16313
reference_id RHSA-2025:16313
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:16313
14
reference_url https://usn.ubuntu.com/7812-1/
reference_id USN-7812-1
reference_type
scores
url https://usn.ubuntu.com/7812-1/
Weaknesses
0
cwe_id 122
name Heap-based Buffer Overflow
description A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
1
cwe_id 190
name Integer Overflow or Wraparound
description The product performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.
2
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
3
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
Exploits
Severity_range_score7.0 - 8.9
Exploitability0.5
Weighted_severity8.0
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-8az1-gpaq-2kej