Primary

Context

ImageMagick Integer Overflow Vulnerability in TIM Decoder Leading to Out-of-Bounds Read

Vulnerability

Patched

A critical integer overflow vulnerability has been identified in the TIM image parser of ImageMagick versions prior to 7.1.2-9. The issue arises in the ReadTIMImage function, where the code reads width and height values from the file header and calculates the image size without proper overflow checks. On 32-bit systems, this calculation can overflow if the dimensions are large, leading to a small heap allocation. Subsequent operations that depend on these dimensions can cause an out-of-bounds read, potentially disclosing arbitrary memory.

Impact

Exploitation of this vulnerability can result in arbitrary memory disclosure due to the out-of-bounds read on 32-bit systems.

Remediation

Users can upgrade to ImageMagick version 7.1.2-10 to address this vulnerability. For those using Magick.NET, version 14.10.0 includes the patch.

Added: Dec 10, 2025, 10:19 PM

Updated: Dec 10, 2025, 10:19 PM

Vulnerability Rating

Custom Algorithm

spread

7.8

impact

2.5

exploitability

4.7

remediation

7.7

relevance

1.4

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

7.8

impact

2.5

exploitability

4.7

remediation

7.7

relevance

1.4

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

ImageMagick Integer Overflow Vulnerability in TIM Decoder Leading to Out-of-Bounds Read

Vulnerability

Impact

Remediation

Affected Products

ImageMagick

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating