CNNVD-202510-2481 Information
CNNVD ID
CNNVD-202510-2481
Related CVE
- CNNVD Published: 2025-10-17
Description (Chinese)
ImageMagick是ImageMagick开源的一套开源的图像处理软件。可读取、转换或写入多种格式的图片。 ImageMagick 7.1.2-7之前版本和6.9.13-32之前版本存在输入验证错误漏洞,该漏洞源于32位系统上BMP解码器计算extent值时发生整数溢出,可能导致缓冲区溢出。
Description (English)
ImageMagick is an open-source image-processing software for ImageMagick open source. Reads, converts or writes pictures in multiple formats. There was an input validation error gap in previous versions 7.1.2-7 and 6.9.13-32 of ImageMagick, which resulted from the integer spill of the 32-bit system ’ s BMP decoder ’ s calculation of the extent value, which could result in a buffer zone spill.
Hazard Level
High
Vulnerability Type
输入验证错误
Affected Vendor
ImageMagick
Published
2025-10-17
Last Modified
2026-02-24
References
https://github.com/ImageMagick/ImageMagick/commit/cea1693e2ded51b4cc91c70c54096cbed1691c00 https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-9pp9-cfwx-54rm https://vigilance.fr/vulnerability/ImageMagick-integer-overflow-via-BMP-Decoder-ReadBMP-48517
Patch
https://imagemagick.org/script/download.php
Share on: