Home > Vulnerability Database > CVE-2025-55212

Mend.io Vulnerability Database

CVE-2025-55212

Good to know:

Date: August 26, 2025

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-28 and 7.1.2-2, passing a geometry string containing only a colon (":") to montage -geometry leads GetGeometry() to set width/height to 0. Later, ThumbnailImage() divides by these zero dimensions, triggering a crash (SIGFPE/abort), resulting in a denial of service. This issue has been patched in versions 6.9.13-28 and 7.1.2-2.

Severity Score

3.7

Related Resources (9)

Url: https://github.com/dlemstra/Magick.NET/releases/tag/14.8.1

Url: https://github.com/ImageMagick/ImageMagick/blob/0ba1b587be17543b664f7ad538e9e51e0da59d17/MagickCore/resize.c#L4625-L4629

Url: https://github.com/ImageMagick/ImageMagick/commit/5f0bcf986b8b5e90567750d31a37af502b73f2af

Url: https://github.com/ImageMagick/ImageMagick

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-55212

Url: https://security-tracker.debian.org/tracker/CVE-2025-55212

Url: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-fh55-q5pj-pxgw

Url: https://github.com/ImageMagick/ImageMagick/blob/0ba1b587be17543b664f7ad538e9e51e0da59d17/MagickCore/geometry.c#L355

Url: https://www.mend.io/vulnerability-database/CVE-2025-55212

Severity Score

3.7

Weakness Type (CWE)

Divide By Zero

CWE-369

Top Fix

Upgrade Version

Upgrade to version magick.net-q16-anycpu - 14.8.1;magick.net-q16-hdri-anycpu - 14.8.1;magick.net-q16-hdri-openmp-arm64 - 14.8.1;magick.net-q16-hdri-openmp-x64 - 14.8.1;magick.net-q16-hdri-arm64 - 14.8.1;magick.net-q16-hdri-x64 - 14.8.1;magick.net-q16-hdri-x86 - 14.8.1;magick.net-q16-openmp-arm64 - 14.8.1;magick.net-q16-openmp-x64 - 14.8.1;magick.net-q16-arm64 - 14.8.1;magick.net-q16-x64 - 14.8.1;magick.net-q16-x86 - 14.8.1;magick.net-q8-anycpu - 14.8.1;magick.net-q8-openmp-arm64 - 14.8.1;magick.net-q8-openmp-x64 - 14.8.1;magick.net-q8-arm64 - 14.8.1;magick.net-q8-x64 - 14.8.1;magick.net-q8-x86 - 14.8.1

Learn More

CVSS v3.1

Base Score:	3.7
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2025-55212

Good to know:

Date: August 26, 2025

Severity Score

Related Resources (9)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?