HIGH🇵🇱 Wersja polska

CVE-2025-53101

CVSS 7.4v3.1pub. 2025-07-14upd. 2025-11-03

ImageMagick is free and open-source software used for editing and manipulating digital images. In versions prior to 7.1.2-0 and 6.9.13-26, in ImageMagick's `magick mogrify` command, specifying multiple consecutive `%d` format specifiers in a filename template causes internal pointer arithmetic to generate an address below the beginning of the stack buffer, resulting in a stack overflow through `vsnprintf()`. Versions 7.1.2-0 and 6.9.13-26 fix the issue.

CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
  • Imagemagick

    APP
    Imagemagick
    < 6.9.13-267.0.0-0 – 7.1.2-0 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2026-56379CRITICAL9.2ten sam produkt

ImageMagick before 7.1.2-15 and 6.9.13-40 contains a command injection vulnerability in the SVG decoder that a...

CVE-2023-34152CRITICAL9.8ten sam produkt

A vulnerability was found in ImageMagick. This security flaw cause a remote code execution vulnerability in Op...

CVE-2019-19948CRITICAL9.8ten sam produkt

In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer overflow in the function WriteSGIImage of coders/sgi...

CVE-2019-19952CRITICAL9.8ten sam produkt

In ImageMagick 7.0.9-7 Q16, there is a use-after-free in the function MngInfoDiscardObject of coders/png.c, re...

CVE-2019-19949CRITICAL9.1ten sam produkt

In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WritePNGImage of coders/pn...