Fluid Attacks Database

Description

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-1, when preparing to transform from Log to sRGB colorspaces, the logmap construction fails to handle cases where the reference-black or reference-white value is larger than 1024. This leads to corrupting memory beyond the end of the allocated logmap buffer. This issue has been patched in version 7.1.2-1.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 13	imagemagick	=8:7.1.1.43+dfsg1-1 \|\| =8:7.1.1.43+dfsg1-1+deb13u1 \|\| >=0 <8:7.1.1.43+dfsg1-1+deb13u2	8:7.1.1.43+dfsg1-1+deb13u2
debian 14	imagemagick	=8:7.1.1.43+dfsg1-1 \|\| =8:7.1.1.46+dfsg1-1 \|\| =8:7.1.1.47+dfsg1-1 \|\| =8:7.1.1.47+dfsg1-2 \|\| >=0 <8:7.1.2.1+dfsg1-1	8:7.1.2.1+dfsg1-1
rpm rhel6	ImageMagick	-	-
rpm rhel7	ImageMagick	-	-

Aliases

1. CVE-2025-550052. NVD-2025-550053. OSV-DEBIAN-2025-550054. OSV-2025-550055. SECURITY-TRACKER-CVE-2025-55005

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.