Vulnerability DatabaseCVE-2025-57807
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2025-57807
September 05, 2025
ImageMagick is free and open-source software used for editing and manipulating digital images. ImageMagick versions lower than 14.8.2 include insecure functions: SeekBlob(), which permits advancing the stream offset beyond the current end without increasing capacity, and WriteBlob(), which then expands by quantum + length (amortized) instead of offset + length, and copies to data + offset. When offset ≫ extent, the copy targets memory beyond the allocation, producing a deterministic heap write on 64-bit builds. No 2⁶⁴ arithmetic wrap, external delegates, or policy settings are required. This is fixed in version 14.8.2.
Affected Packages
https://github.com/ImageMagick/ImageMagick.git (GITHUB):
Affected version(s) >=7.0.1-0 <7.1.2-3
Fix Suggestion:
Update to version 7.1.2-3
Magick.NET-Q16-HDRI-x64 (NUGET):
Affected version(s) >=6.8.9.101 <14.8.2
Fix Suggestion:
Update to version 14.8.2
Magick.NET-Q16-OpenMP-x64 (NUGET):
Affected version(s) >=7.14.0 <14.8.2
Fix Suggestion:
Update to version 14.8.2
Magick.NET-Q16-arm64 (NUGET):
Affected version(s) >=8.6.0 <14.8.2
Fix Suggestion:
Update to version 14.8.2
Magick.NET-Q16-HDRI-OpenMP-arm64 (NUGET):
Affected version(s) >=8.6.0 <14.8.2
Fix Suggestion:
Update to version 14.8.2
Magick.NET-Q16-HDRI-OpenMP-x64 (NUGET):
Affected version(s) >=7.14.0 <14.8.2
Fix Suggestion:
Update to version 14.8.2
Magick.NET-Q8-OpenMP-arm64 (NUGET):
Affected version(s) >=8.6.0 <14.8.2
Fix Suggestion:
Update to version 14.8.2
Magick.NET-Q16-OpenMP-arm64 (NUGET):
Affected version(s) >=8.6.0 <14.8.2
Fix Suggestion:
Update to version 14.8.2
Magick.NET-Q16-HDRI-arm64 (NUGET):
Affected version(s) >=8.6.0 <14.8.2
Fix Suggestion:
Update to version 14.8.2
Magick.NET-Q8-x64 (NUGET):
Affected version(s) >=6.8.5.401 <14.8.2
Fix Suggestion:
Update to version 14.8.2
Magick.NET-Q16-x64 (NUGET):
Affected version(s) >=6.8.5.401 <14.8.2
Fix Suggestion:
Update to version 14.8.2
Magick.NET-Q8-OpenMP-x64 (NUGET):
Affected version(s) >=7.14.0 <14.8.2
Fix Suggestion:
Update to version 14.8.2
Magick.NET-Q8-arm64 (NUGET):
Affected version(s) >=8.6.0 <14.8.2
Fix Suggestion:
Update to version 14.8.2
Related Resources (6)
https://github.com/ImageMagick/ImageMagick/commit/077a417a19a5ea8c85559b602754a5b928eef23e
https://security-tracker.debian.org/tracker/CVE-2025-57807
https://github.com/ImageMagick/ImageMagick
https://nvd.nist.gov/vuln/detail/CVE-2025-57807
https://lists.debian.org/debian-lts-announce/2025/09/msg00012.html
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-23hg-53q6-hqfg
Do you need more information?
Contact Us
CVSS v4
Base Score:
1
Attack Vector
LOCAL
Attack Complexity
HIGH
Attack Requirements
NONE
Privileges Required
HIGH
User Interaction
PASSIVE
Vulnerable System Confidentiality
LOW
Vulnerable System Integrity
LOW
Vulnerable System Availability
LOW
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
3.8
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality
LOW
Integrity
LOW
Availability
LOW
Weakness Type (CWE)
Incorrect Calculation of Buffer Size
CWE-131
Heap-based Buffer Overflow
CWE-122
Out-of-bounds Write
CWE-787
EPSS
Base Score:
0.04