CVE

DEBIAN-CVE-2025-66628

ImageMagick is a software suite to create, edit, compose, or convert bitmap images.

CVE

DEBIAN-CVE-2025-66628

ImageMagick is a software suite to create, edit, compose, or convert bitmap images.

ImageMagick is a software suite to create, edit, compose, or convert bitmap images. In versions 7.1.2-9 and prior, the TIM (PSX TIM) image parser contains a critical integer overflow vulnerability in its ReadTIMImage function (coders/tim.c). The code reads width and height (16-bit values) from the file header and calculates imagesize = 2 width height without checking for overflow. On 32-bit systems (or where sizet is 32-bit), this calculation can overflow if width and height are large (e.g., 65535), wrapping around to a small value. This results in a small heap allocation via AcquireQuantumMemory and later operations relying on the dimensions can trigger an out of bounds read. This issue is fixed in version 7.1.2-10.

Package Versions Affected

No items found.

Automatically patch vulnerabilities without upgrading

Fix Without Upgrading

Detect compatible fix

Apply safe remediation

Fix with a single pull request

CVSS Version

3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Related Resources

No items found.

References

https://security-tracker.debian.org/tracker/CVE-2025-66628

Severity

7.5

CVSS Score

Basic Information

Ecosystem

Base CVSS

7.5

EPSS Probability

EPSS Percentile

Introduced Version

Fix Available

8:6.9.11.60+dfsg-1.3+deb11u8,8:6.9.11.60+dfsg-1.6+deb12u5,8:7.1.1.43+dfsg1-1+deb13u4,8:7.1.2.12+dfsg1-1

Fix Critical Vulnerabilities Instantly

Secure your app without upgrading.

Fix Without Upgrading

Get a Demo

Let's Patch It!

DEBIAN-CVE-2025-66628