VulnerableCode Package Details - pkg:deb/debian/imagemagick@8:7.1.1.43%2Bdfsg1-1

Vulnerabilities affecting this package (6)

Vulnerability	Summary	Fixed by
VCID-29u1-jeu6-kbfa Aliases: CVE-2025-53019	ImageMagick is free and open-source software used for editing and manipulating digital images. In versions prior to 7.1.2-0 and 6.9.13-26, in ImageMagick's `magick stream` command, specifying multiple consecutive `%d` format specifiers in a filename template causes a memory leak. Versions 7.1.2-0 and 6.9.13-26 fix the issue.	8:7.1.1.43+dfsg1-1+deb13u1 Affected by 0 other vulnerabilities.
VCID-a94z-fw5x-sugj Aliases: CVE-2025-53101	ImageMagick is free and open-source software used for editing and manipulating digital images. In versions prior to 7.1.2-0 and 6.9.13-26, in ImageMagick's `magick mogrify` command, specifying multiple consecutive `%d` format specifiers in a filename template causes internal pointer arithmetic to generate an address below the beginning of the stack buffer, resulting in a stack overflow through `vsnprintf()`. Versions 7.1.2-0 and 6.9.13-26 fix the issue.	8:7.1.1.43+dfsg1-1+deb13u1 Affected by 0 other vulnerabilities.
VCID-e1g3-szha-ffb4 Aliases: CVE-2025-53015 GHSA-vmhh-8rxq-fp9g	ImageMagick has XMP profile write that triggers hang due to unbounded loop ### Summary Infinite lines occur when writing during a specific XMP file conversion command ### Details ``` #0 GetXmpNumeratorAndDenominator (denominator=<optimized out>, numerator=<optimized out>, value=<optimized out>) at MagickCore/profile.c:2578 #1 GetXmpNumeratorAndDenominator (denominator=<synthetic pointer>, numerator=<synthetic pointer>, value=720000000000000) at MagickCore/profile.c:2564 #2 SyncXmpProfile (image=image@entry=0x555555bb9ea0, profile=0x555555b9d020) at MagickCore/profile.c:2605 #3 0x00005555555db5cf in SyncImageProfiles (image=image@entry=0x555555bb9ea0) at MagickCore/profile.c:2651 #4 0x0000555555798d4f in WriteImage (image_info=image_info@entry=0x555555bc2050, image=image@entry=0x555555bb9ea0, exception=exception@entry=0x555555b7bea0) at MagickCore/constitute.c:1288 #5 0x0000555555799862 in WriteImages (image_info=image_info@entry=0x555555bb69c0, images=<optimized out>, images@entry=0x555555bb9ea0, filename=<optimized out>, exception=0x555555b7bea0) at MagickCore/constitute.c:1575 #6 0x00005555559650c4 in CLINoImageOperator (cli_wand=cli_wand@entry=0x555555b85790, option=option@entry=0x5555559beebe "-write", arg1n=arg1n@entry=0x7fffffffe2c7 "a.mng", arg2n=arg2n@entry=0x0) at MagickWand/operation.c:4993 #7 0x0000555555974579 in CLIOption (cli_wand=cli_wand@entry=0x555555b85790, option=option@entry=0x5555559beebe "-write") at MagickWand/operation.c:5473 #8 0x00005555559224aa in ProcessCommandOptions (cli_wand=cli_wand@entry=0x555555b85790, argc=argc@entry=3, argv=argv@entry=0x7fffffffdfa8, index=index@entry=1) at MagickWand/magick-cli.c:758 #9 0x000055555592276d in MagickImageCommand (image_info=image_info@entry=0x555555b824a0, argc=argc@entry=3, argv=argv@entry=0x7fffffffdfa8, metadata=metadata@entry=0x7fffffffbc10, exception=exception@entry=0x555555b7bea0) at MagickWand/magick-cli.c:1392 #10 0x00005555559216a0 in MagickCommandGenesis (image_info=image_info@entry=0x555555b824a0, command=command@entry=0x555555922640 <MagickImageCommand>, argc=argc@entry=3, argv=argv@entry=0x7fffffffdfa8, metadata=0x0, exception=exception@entry=0x555555b7bea0) at MagickWand/magick-cli.c:177 #11 0x000055555559f76b in MagickMain (argc=3, argv=0x7fffffffdfa8) at utilities/magick.c:162 #12 0x00007ffff700fd90 in __libc_start_call_main (main=main@entry=0x55555559aec0 <main>, argc=argc@entry=3, argv=argv@entry=0x7fffffffdfa8) at ../sysdeps/nptl/libc_start_call_main.h:58 #13 0x00007ffff700fe40 in __libc_start_main_impl (main=0x55555559aec0 <main>, argc=3, argv=0x7fffffffdfa8, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffdf98) at ../csu/libc-start.c:392 #14 0x000055555559f535 in _start () ``` ``` static void GetXmpNumeratorAndDenominator(double value, unsigned long numerator,unsigned long denominator) { double df; numerator=0; denominator=1; if (value <= MagickEpsilon) return; numerator=1; df=1.0; while(fabs(df - value) > MagickEpsilon) { if (df < value) (numerator)++; else { (denominator)++; numerator=(unsigned long) (value(denominator)); } df=numerator/(double)denominator; } } ``` In this code, the loop `while(fabs(df - value) > MagickEpsilon)` keeps repeating endlessly. ### PoC `magick hang a.mng` https://drive.google.com/file/d/1iegkwlTjqnJTtM4XkiheYsjKsC6pxtId/view?usp=sharing ### Impact XMP profile write triggers hang due to unbounded loop ### credits Team Pay1oad DVE Reporter : Shinyoung Won (with contributions from WooJin Park, DongHa Lee, JungWoo Park, Woojin Jeon, Juwon Chae, Kyusang Han, JaeHun Gou) yosimich(@yosiimich) Shinyoung Won of SSA Lab e-mail : [yosimich123@gmail.com] Woojin Jeon Gtihub : brainoverflow e-mail : [root@brainoverflow.kr] WooJin Park GitHub : jin-156 e-mail : [1203kids@gmail.com] Who4mI(@GAP-dev) Lee DongHa of SSA Lab Github: GAP-dev e-mail : [ceo@zeropointer.co.kr] JungWoo Park Github : JungWooJJING e-mail : [cuby5577@gmail.com] Juwon Chae Github : I_mho e-mail : [wndnjs4698@naver.com] Kyusang Han Github : T1deSEC e-mail : [hksjoe0081@gmail.com] JaeHun Gou Github : P2GONE e-mail : [charly20@naver.com] ### Commits Fixed in: https://github.com/ImageMagick/ImageMagick/commit/229fa96a988a21d78318bbca61245a6ed1ee33a0 and https://github.com/ImageMagick/ImageMagick/commit/38631605e6ab744548a561797472cf8648bcfe26	8:7.1.1.43+dfsg1-1+deb13u1 Affected by 0 other vulnerabilities.
VCID-gxcb-28wn-p7ed Aliases: CVE-2025-46393	In multispectral MIFF image processing in ImageMagick before 7.1.1-44, packet_size is mishandled (related to the rendering of all channels in an arbitrary order).	8:7.1.1.43+dfsg1-1+deb13u1 Affected by 0 other vulnerabilities.
VCID-u1h6-93ev-jucd Aliases: CVE-2025-43965	In MIFF image processing in ImageMagick before 7.1.1-44, image depth is mishandled after SetQuantumFormat is used.	8:7.1.1.43+dfsg1-1+deb13u1 Affected by 0 other vulnerabilities.
VCID-xspy-9x25-xqaq Aliases: CVE-2025-53014	ImageMagick is free and open-source software used for editing and manipulating digital images. Versions prior to 7.1.2-0 and 6.9.13-26 have a heap buffer overflow in the `InterpretImageFilename` function. The issue stems from an off-by-one error that causes out-of-bounds memory access when processing format strings containing consecutive percent signs (`%%`). Versions 7.1.2-0 and 6.9.13-26 fix the issue.	8:7.1.1.43+dfsg1-1+deb13u1 Affected by 0 other vulnerabilities.

Next non-vulnerable version	8:7.1.1.43+dfsg1-1+deb13u1
Latest non-vulnerable version	8:7.1.1.43+dfsg1-1+deb13u1
Risk	4.0

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-08-01T13:10:45.639326+00:00	Debian Importer	Fixing	VCID-ker7-x9xt-s3d4	https://security-tracker.debian.org/tracker/data/json	37.0.0
2025-08-01T13:09:35.271068+00:00	Debian Importer	Affected by	VCID-u1h6-93ev-jucd	https://security-tracker.debian.org/tracker/data/json	37.0.0
2025-08-01T13:07:34.174271+00:00	Debian Importer	Affected by	VCID-e1g3-szha-ffb4	https://security-tracker.debian.org/tracker/data/json	37.0.0
2025-08-01T12:59:32.166915+00:00	Debian Importer	Affected by	VCID-a94z-fw5x-sugj	https://security-tracker.debian.org/tracker/data/json	37.0.0
2025-08-01T12:45:10.379319+00:00	Debian Importer	Affected by	VCID-gxcb-28wn-p7ed	https://security-tracker.debian.org/tracker/data/json	37.0.0
2025-08-01T12:38:42.653904+00:00	Debian Importer	Affected by	VCID-29u1-jeu6-kbfa	https://security-tracker.debian.org/tracker/data/json	37.0.0
2025-08-01T12:25:25.684245+00:00	Debian Importer	Affected by	VCID-xspy-9x25-xqaq	https://security-tracker.debian.org/tracker/data/json	37.0.0