CVE-2025-55160

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-27 and 7.1.2-1, there is undefined behavior (function-type-mismatch) in splay tree cloning callback. This results in a deterministic abort under UBSan (DoS in sanitizer builds), with no crash in a non-sanitized build. This issue has been patched in versions 6.9.13-27 and 7.1.2-1.

CVSS v3 6.1 MEDIUM

6.1^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 4.2

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-6hgw-6x87-578x	Third Party Advisory Exploit

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:imagemagick:imagemagick::::::::
	cpe:2.3:a:imagemagick:imagemagick::::::::

History

15 Aug 2025, 19:25

Type	Values Removed	Values Added
Summary		(es) ImageMagick es un software gratuito y de código abierto que se utiliza para editar y manipular imágenes digitales. En versiones anteriores a la 6.9.13-27 y la 7.1.2-1, existía un comportamiento indefinido (desajuste de tipo de función) en la retrollamada de clonación del árbol de despliegue. Esto provocaba una interrupción determinista en UBSan (ataque de denegación de servicio en compilaciones depuradoras), sin fallos en compilaciones no depuradas. Este problema se ha corregido en las versiones 6.9.13-27 y 7.1.2-1.
CPE		cpe:2.3:a:imagemagick:imagemagick::::::::
First Time		Imagemagick Imagemagick imagemagick
References	~~() https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-6hgw-6x87-578x -~~	() https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-6hgw-6x87-578x - Third Party Advisory, Exploit

13 Aug 2025, 14:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-08-13 14:15

Updated : 2025-08-15 19:25

NVD link : CVE-2025-55160

Mitre link : CVE-2025-55160

CVE.ORG link : CVE-2025-55160

JSON object : View

Products Affected

imagemagick

imagemagick

CWE

CWE-758

Reliance on Undefined, Unspecified, or Implementation-Defined Behavior

{"id": "CVE-2025-55160", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 4.2, "exploitabilityScore": 1.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2025-08-13T14:15:33.177", "references": [{"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-6hgw-6x87-578x", "tags": ["Third Party Advisory", "Exploit"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-758"}]}], "descriptions": [{"lang": "en", "value": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-27 and 7.1.2-1, there is undefined behavior (function-type-mismatch) in splay tree cloning callback. This results in a deterministic abort under UBSan (DoS in sanitizer builds), with no crash in a non-sanitized build. This issue has been patched in versions 6.9.13-27 and 7.1.2-1."}, {"lang": "es", "value": "ImageMagick es un software gratuito y de c\u00f3digo abierto que se utiliza para editar y manipular im\u00e1genes digitales. En versiones anteriores a la 6.9.13-27 y la 7.1.2-1, exist\u00eda un comportamiento indefinido (desajuste de tipo de funci\u00f3n) en la retrollamada de clonaci\u00f3n del \u00e1rbol de despliegue. Esto provocaba una interrupci\u00f3n determinista en UBSan (ataque de denegaci\u00f3n de servicio en compilaciones depuradoras), sin fallos en compilaciones no depuradas. Este problema se ha corregido en las versiones 6.9.13-27 y 7.1.2-1."}], "lastModified": "2025-08-15T19:25:21.890", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "13ADF659-7C0F-4D6B-97C2-CAB4130A6E37", "versionEndExcluding": "6.9.13-27"}, {"criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "40C100B8-316D-4B4A-B9DE-9B72575176D0", "versionEndExcluding": "7.1.2-1", "versionStartIncluding": "7.0.0-0"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}