{
  "threat_severity" : "Important",
  "public_date" : "2025-08-13T13:59:23Z",
  "bugzilla" : {
    "description" : "imagemagick: ImageMagick: heap-buffer overflow",
    "id" : "2388246",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2388246"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.6",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L",
    "status" : "draft"
  },
  "cwe" : "CWE-122",
  "details" : [ "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-1, ImageMagick is vulnerable to a heap-buffer overflow read in the handling of images with separate alpha channels when performing image magnification in ReadOneMNGImage. This can likely be used to leak subsequent memory contents into the output image. This issue has been patched in version 7.1.2-1.", "A heap-based buffer overflow flaw was found in ImageMagick. This issue is present when handling images with separate alpha channels and performing image magnification in ReadOneMNGImage. This vulnerability could be exploited to leak subsequent memory contents into the output image." ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Out of support scope",
    "package_name" : "ImageMagick",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "ImageMagick",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2025-55004\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-55004\nhttps://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-cjc8-g9w8-chfw\nhttps://goo.gle/bigsleep" ],
  "name" : "CVE-2025-55004",
  "mitigation" : {
    "value" : "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
    "lang" : "en:us"
  },
  "csaw" : false
}