Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2025-53101

Опубликовано: 14 июл. 2025
Источник: redhat
CVSS3: 6.5
EPSS Низкий

Описание

ImageMagick is free and open-source software used for editing and manipulating digital images. In versions prior to 7.1.2-0 and 6.9.13-26, in ImageMagick's magick mogrify command, specifying multiple consecutive %d format specifiers in a filename template causes internal pointer arithmetic to generate an address below the beginning of the stack buffer, resulting in a stack overflow through vsnprintf(). Versions 7.1.2-0 and 6.9.13-26 fix the issue.

Меры по смягчению последствий

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6ImageMagickOut of support scope
Red Hat Enterprise Linux 7ImageMagickFix deferred

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-124
https://bugzilla.redhat.com/show_bug.cgi?id=2379947ImageMagick: ImageMagick Stack Buffer Overflow

EPSS

Процентиль: 16%
0.00052
Низкий

6.5 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2025-53101

CVSS3: 7.4
ubuntu
23 дня назад

ImageMagick is free and open-source software used for editing and manipulating digital images. In versions prior to 7.1.2-0 and 6.9.13-26, in ImageMagick's `magick mogrify` command, specifying multiple consecutive `%d` format specifiers in a filename template causes internal pointer arithmetic to generate an address below the beginning of the stack buffer, resulting in a stack overflow through `vsnprintf()`. Versions 7.1.2-0 and 6.9.13-26 fix the issue.

nvd логотип

CVE-2025-53101

CVSS3: 7.4
nvd
23 дня назад

ImageMagick is free and open-source software used for editing and manipulating digital images. In versions prior to 7.1.2-0 and 6.9.13-26, in ImageMagick's `magick mogrify` command, specifying multiple consecutive `%d` format specifiers in a filename template causes internal pointer arithmetic to generate an address below the beginning of the stack buffer, resulting in a stack overflow through `vsnprintf()`. Versions 7.1.2-0 and 6.9.13-26 fix the issue.

debian логотип

CVE-2025-53101

CVSS3: 7.4
debian
23 дня назад

ImageMagick is free and open-source software used for editing and mani ...

suse-cvrf логотип

SUSE-SU-2025:02510-1

suse-cvrf
14 дней назад

Security update for ImageMagick

suse-cvrf логотип

SUSE-SU-2025:02511-1

suse-cvrf
14 дней назад

Security update for ImageMagick

EPSS

Процентиль: 16%
0.00052
Низкий

6.5 Medium

CVSS3