OESA-2025-1906

See a problem?
Please try reporting it to the source first.
Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1906
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2025-1906.json
JSON Data
https://api.test.osv.dev/v1/vulns/OESA-2025-1906
Upstream
Published
2025-07-25T13:17:10Z
Modified
2025-08-12T05:51:55.637154Z
Summary
ImageMagick security update
Details

Use ImageMagick to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats (over 200) including PNG, JPEG, GIF, HEIC, TIFF, DPX, EXR, WebP, Postscript, PDF, and SVG. Use ImageMagick to resize, flip, mirror, rotate, distort, shear and transform images, adjust image colors, apply various special effects, or draw text, lines, polygons, ellipses and Bézier curves.

Security Fix(es):

ImageMagick is free and open-source software used for editing and manipulating digital images. Versions prior to 7.1.2-0 and 6.9.13-26 have a heap buffer overflow in the InterpretImageFilename function. The issue stems from an off-by-one error that causes out-of-bounds memory access when processing format strings containing consecutive percent signs (%%). Versions 7.1.2-0 and 6.9.13-26 fix the issue.(CVE-2025-53014)

A vulnerability, which was classified as problematic, was found in ImageMagick up to 7.1.1 (Image Processing Software).CWE is classifying the issue as CWE-835. The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.This is going to have an impact on availability.Upgrading to version 7.1.2-0 eliminates this vulnerability.(CVE-2025-53015)

ImageMagick is free and open-source software used for editing and manipulating digital images. In versions prior to 7.1.2-0 and 6.9.13-26, in ImageMagick's magick stream command, specifying multiple consecutive %d format specifiers in a filename template causes a memory leak. Versions 7.1.2-0 and 6.9.13-26 fix the issue.(CVE-2025-53019)

ImageMagick is free and open-source software used for editing and manipulating digital images. In versions prior to 7.1.2-0 and 6.9.13-26, in ImageMagick's magick mogrify command, specifying multiple consecutive %d format specifiers in a filename template causes internal pointer arithmetic to generate an address below the beginning of the stack buffer, resulting in a stack overflow through vsnprintf(). Versions 7.1.2-0 and 6.9.13-26 fix the issue.(CVE-2025-53101)

Database specific 
{
    "severity": "High"
}
References

Affected packages

openEuler:22.03-LTS-SP3 / ImageMagick

Package

Name
ImageMagick
Purl
pkg:rpm/openEuler/ImageMagick&distro=openEuler-22.03-LTS-SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
7.1.1.8-7.oe2203sp3

Ecosystem specific 

{
    "aarch64": [
        "ImageMagick-7.1.1.8-7.oe2203sp3.aarch64.rpm",
        "ImageMagick-c++-7.1.1.8-7.oe2203sp3.aarch64.rpm",
        "ImageMagick-c++-devel-7.1.1.8-7.oe2203sp3.aarch64.rpm",
        "ImageMagick-debuginfo-7.1.1.8-7.oe2203sp3.aarch64.rpm",
        "ImageMagick-debugsource-7.1.1.8-7.oe2203sp3.aarch64.rpm",
        "ImageMagick-devel-7.1.1.8-7.oe2203sp3.aarch64.rpm",
        "ImageMagick-help-7.1.1.8-7.oe2203sp3.aarch64.rpm",
        "ImageMagick-perl-7.1.1.8-7.oe2203sp3.aarch64.rpm"
    ],
    "src": [
        "ImageMagick-7.1.1.8-7.oe2203sp3.src.rpm"
    ],
    "x86_64": [
        "ImageMagick-7.1.1.8-7.oe2203sp3.x86_64.rpm",
        "ImageMagick-c++-7.1.1.8-7.oe2203sp3.x86_64.rpm",
        "ImageMagick-c++-devel-7.1.1.8-7.oe2203sp3.x86_64.rpm",
        "ImageMagick-debuginfo-7.1.1.8-7.oe2203sp3.x86_64.rpm",
        "ImageMagick-debugsource-7.1.1.8-7.oe2203sp3.x86_64.rpm",
        "ImageMagick-devel-7.1.1.8-7.oe2203sp3.x86_64.rpm",
        "ImageMagick-help-7.1.1.8-7.oe2203sp3.x86_64.rpm",
        "ImageMagick-perl-7.1.1.8-7.oe2203sp3.x86_64.rpm"
    ]
}