ISN 2025-42: ImageMagick Vulnerabilities

First published 2 October 2025

CVSS:3.1: 8.8 (High)

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

Multiple security vulnerabilities have been found in ImageMagick, an open-source image processor used in IGEL OS. This affects the following product versions:

  • IGEL OS 12

  • IGEL OS 11

Details

A format string vulnerability has been discovered in the InterpretImageFilename function, where user input is passed directly to FormatLocaleString as the format string without proper sanitization. An attacker can use this to overwrite arbitrary memory regions, enabling a wide range of attacks from heap overflow to remote code execution (CVE-2025-55298, high).

Apart from that, the magnified size calculations in ReadOneMNGImage are unsafe and can overflow, leading to memory corruption (CVE-2025-55154, high). Finally, a possible division by zero via the montage command can crash the program (CVE-2025-55212, high).
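The three defect classes named above (format string, unchecked size multiplication, unchecked divisor) each have a standard defensive pattern. The following C snippet is an added illustration written for this advisory; it is not ImageMagick's code and not IGEL's fix. The function format_locale_string is a hypothetical stand-in that only mirrors the printf-style role the advisory attributes to FormatLocaleString, and the other function names and sample values are constructed for the example.

```c
#include <stdarg.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a printf-style locale formatter. It models
 * only the property that matters here: the third argument is a format
 * string. It is not FormatLocaleString's real implementation. */
static int format_locale_string(char *buf, size_t len, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(buf, len, fmt, ap);
    va_end(ap);
    return n;
}

/* Hardened pattern for the format-string class described in the advisory:
 * the user-controlled filename is always an *argument* to a fixed "%s"
 * format, never the format itself, so "%n", "%x" and similar directives in
 * the name are copied literally instead of being interpreted. Returns the
 * number of bytes written, or -1 when the name would not fit. */
int interpret_filename_safe(char *out, size_t out_len, const char *user_name)
{
    int n = format_locale_string(out, out_len, "%s", user_name);
    if (n < 0 || (size_t)n >= out_len)
        return -1;
    return n;
}

/* Overflow-checked multiply: refuses instead of wrapping around. */
static bool mul_checked(size_t a, size_t b, size_t *r)
{
    if (a != 0 && b > SIZE_MAX / a)
        return false;
    *r = a * b;
    return true;
}

/* Hardened pattern for the magnified-size class: width, height and the
 * resulting pixel count are each checked before use, so a crafted
 * magnification factor fails cleanly rather than yielding an undersized
 * allocation that later overflows. */
bool magnified_pixels_checked(size_t width, size_t height, size_t magnify,
                              size_t *pixels)
{
    size_t mw, mh;
    return mul_checked(width, magnify, &mw) &&
           mul_checked(height, magnify, &mh) &&
           mul_checked(mw, mh, pixels);
}

/* Guard for the division-by-zero class: a tile layout with zero tiles
 * per row is rejected before any division happens. */
bool montage_rows_checked(size_t images, size_t tiles_per_row, size_t *rows)
{
    if (tiles_per_row == 0)
        return false;
    if (images > SIZE_MAX - (tiles_per_row - 1))
        return false;                      /* ceiling add would overflow */
    *rows = (images + tiles_per_row - 1) / tiles_per_row;
    return true;
}

int main(void)
{
    char buf[64];
    size_t px, rows;
    /* Constructed sample inputs exercising each check. */
    printf("filename: %d bytes -> \"%s\"\n",
           interpret_filename_safe(buf, sizeof buf, "%n%n%n.png"), buf);
    printf("100x100 @2: %s\n",
           magnified_pixels_checked(100, 100, 2, &px) ? "ok" : "overflow");
    printf("huge @4: %s\n",
           magnified_pixels_checked(SIZE_MAX / 2, 2, 4, &px) ? "ok" : "overflow");
    printf("10 images, 0 per row: %s\n",
           montage_rows_checked(10, 0, &rows) ? "ok" : "rejected");
    return 0;
}
```

The point of the first function is that a user-supplied name containing "%n" reaches the output buffer unchanged; the other two turn silent wraparound or a crash into an error return the caller can log and reject.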

Update Instructions

  • OS 12: Update to the IGEL OS base system app in version 12.7.4 or newer when available from the IGEL App Portal.

  • OS 11: Update to IGEL OS version 11.11.100 when available.

References

Debian Security Advisory DSA-5997-1: https://lists.debian.org/debian-security-announce/2025/msg00161.html
