{
  "threat_severity" : "Moderate",
  "public_date" : "2025-08-13T14:00:53Z",
  "bugzilla" : {
    "description" : "imagemagick: ImageMagick: Undefined Behavior",
    "id" : "2388253",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2388253"
  },
  "cvss3" : {
    "cvss3_base_score" : "6.1",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L",
    "status" : "draft"
  },
  "cwe" : "CWE-758",
  "details" : [ "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-27 and 7.1.2-1, there is undefined behavior (function-type-mismatch) in the splay tree cloning callback. This results in a deterministic abort under UBSan (DoS in sanitizer builds), with no crash in a non-sanitized build. This issue has been patched in versions 6.9.13-27 and 7.1.2-1.", "An undefined behavior flaw has been discovered in ImageMagick. In certain builds, the splay tree cloning callback may exhibit undefined behavior." ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Out of support scope",
    "package_name" : "ImageMagick",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "ImageMagick",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2025-55160\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-55160\nhttps://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-6hgw-6x87-578x" ],
  "name" : "CVE-2025-55160",
  "mitigation" : {
    "value" : "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to a widespread installation base, or stability.",
    "lang" : "en:us"
  },
  "csaw" : false
}