ImageMagick Unbounded Loop Vulnerability in XMP Profile Writing

Vulnerability

A denial-of-service vulnerability has been identified in ImageMagick, affecting versions through 7.1.1-47. The issue arises while converting certain XMP files: writing the XMP profile enters an infinite loop and the application hangs. This flaw has been addressed in version 7.1.2-0.

Impact

Exploiting this vulnerability leads to a denial-of-service condition, where the application hangs indefinitely due to an unbounded loop triggered by XMP profile writing.

Reproduction

The vulnerability can be reproduced with the 'magick' command-line tool by writing an XMP profile into an 'a.mng' file; this triggers the infinite loop and ImageMagick hangs.

Remediation

Users can upgrade to ImageMagick version 7.1.2-0 or later to address this vulnerability.
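A version check a defender can run after patching, added here as an example and not part of the advisory: it parses the `magick -version` banner and treats anything below the fixed release 7.1.2-0 as affected, comparing the trailing patch level numerically rather than as text. The sample banners and their build numbers are constructed.

```python
import re
import subprocess

# Fixed release named in the advisory: 7.1.2-0 (versions through 7.1.1-47 are affected).
FIXED_VERSION = (7, 1, 2, 0)

# Matches the "ImageMagick 7.1.1-47" portion of the `magick -version` banner.
_VERSION_RE = re.compile(r"ImageMagick\s+(\d+)\.(\d+)\.(\d+)-(\d+)")


def parse_version(banner: str) -> tuple:
    """Extract (major, minor, micro, patch) from a `magick -version` banner.

    The '-NN' patch level must be compared as an integer: a plain string
    comparison would rank 7.1.1-5 above 7.1.1-47.
    """
    m = _VERSION_RE.search(banner)
    if not m:
        raise ValueError("no ImageMagick version string found in banner")
    return tuple(int(g) for g in m.groups())


def is_vulnerable(banner: str) -> bool:
    """True when the reported version predates the fixed release 7.1.2-0."""
    return parse_version(banner) < FIXED_VERSION


def check_installed(magick_cmd: str = "magick") -> bool:
    """Run `magick -version` on this host and report whether it is affected."""
    proc = subprocess.run([magick_cmd, "-version"], capture_output=True, text=True, check=True)
    return is_vulnerable(proc.stdout)


# Constructed sample banners shaped like real `magick -version` output
# (the build numbers after the architecture are made up).
SAMPLE_AFFECTED = "Version: ImageMagick 7.1.1-47 Q16-HDRI x86_64 22763 https://imagemagick.org\n"
SAMPLE_FIXED = "Version: ImageMagick 7.1.2-0 Q16-HDRI x86_64 22770 https://imagemagick.org\n"

if __name__ == "__main__":
    for banner in (SAMPLE_AFFECTED, SAMPLE_FIXED):
        status = "affected" if is_vulnerable(banner) else "fixed"
        print(banner.split()[2], status)
```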

Added: Jul 14, 2025, 8:21 PM
Updated: Jul 14, 2025, 8:21 PM

Vulnerability Rating

Custom Algorithm
spread: 7.8
impact: 2.5
exploitability: 6.0
remediation: 7.7
relevance: 0.2
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.