Primary

Context

ImageMagick Heap Buffer Overflow Vulnerability Leading to Application Crash

Vulnerability

Patched

A heap buffer overflow vulnerability has been identified in ImageMagick versions through 7.1.1-13. When processing a specially crafted TIFF file, ImageMagick crashes, creating a denial-of-service condition. This vulnerability has been patched in version 7.1.1-14.

Impact

Exploitation of this vulnerability leads to a crash of the ImageMagick application, causing a denial-of-service condition.

Reproduction

The vulnerability can be reproduced by using the 'magick' command-line tool to process a crafted TIFF file. The command should direct the output to '/dev/null'.

Remediation

Users can upgrade to ImageMagick version 7.1.1-14 or later to address this vulnerability.

Added: Dec 18, 2025, 5:08 PM

Updated: Dec 18, 2025, 5:08 PM

Vulnerability Rating

Custom Algorithm

spread

7.8

impact

2.5

exploitability

6.0

remediation

7.7

relevance

1.5

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

7.8

impact

2.5

exploitability

6.0

remediation

7.7

relevance

1.5

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

ImageMagick Heap Buffer Overflow Vulnerability Leading to Application Crash

Vulnerability

Impact

Reproduction

Remediation

Affected Products

ImageMagick

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating