CVE-2025-55004

7.6 HIGH

📋 TL;DR

ImageMagick versions before 7.1.2-1 contain a heap-buffer overflow vulnerability in the MNG image format parser that can leak memory contents into output images. This affects any system or application that processes untrusted MNG images with ImageMagick. The vulnerability allows information disclosure but not arbitrary code execution.

💻 Affected Systems

Products:
  • ImageMagick
Versions: All versions before 7.1.2-1
Operating Systems: All platforms running vulnerable ImageMagick versions
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects processing of MNG (Multiple-image Network Graphics) format images with separate alpha channels during magnification operations.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could extract sensitive data from memory (passwords, keys, other process data) by crafting malicious MNG images and observing the output.

🟠

Likely Case

Information disclosure where attackers can leak some memory contents from the ImageMagick process into manipulated output images.

🟢

If Mitigated

Minimal impact with proper input validation and sandboxing, though some information leakage might still occur.

🌐 Internet-Facing: MEDIUM - Web applications processing user-uploaded images could be exploited, but requires specific MNG format usage.
🏢 Internal Only: LOW - Requires processing of malicious MNG images, which is less common in internal workflows.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires crafting specific MNG images with separate alpha channels and triggering magnification operations.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 7.1.2-1

Vendor Advisory: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-cjc8-g9w8-chfw

Restart Required: No

Instructions:

1. Update ImageMagick to version 7.1.2-1 or later.
2. For Linux: use the package manager (apt-get update && apt-get install imagemagick).
3. For source builds: download the latest release from imagemagick.org and recompile.

🔧 Temporary Workarounds

Disable MNG format processing

linux

Remove or disable MNG format support in ImageMagick policy.xml

Edit /etc/ImageMagick-7/policy.xml (path varies by distribution) and add, inside <policymap>: <policy domain="coder" rights="none" pattern="MNG" /> (the "coder" domain governs format readers; a "delegate" rule only affects external helper programs and does not stop the MNG reader).

Sandbox ImageMagick processing

linux

Run ImageMagick in isolated containers with minimal privileges

docker run --rm --read-only --cap-drop=ALL --network=none -v "$PWD/in:/in:ro" -v "$PWD/out:/out" imagename convert /in/input.mng /out/output.jpg

🧯 If You Can't Patch

  • Implement strict input validation to reject or sanitize MNG images before processing
  • Deploy web application firewalls with image format filtering rules

🔍 How to Verify

Check if Vulnerable:

Check ImageMagick version: convert --version | head -1

Check Version:

convert --version | head -1

Verify Fix Applied:

Verify version is 7.1.2-1 or higher (a plain string match would miss later releases, so compare with sort -V from GNU coreutils): v=$(convert --version | head -1 | awk '{print $3}'); [ "$(printf '%s\n' 7.1.2-1 "$v" | sort -V | head -1)" = 7.1.2-1 ] && echo 'Patched'
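The version check above and the policy.xml workaround, combined into one added script (not part of the advisory or of ImageMagick). It assumes POSIX sh with sed, awk and grep, that `convert` is the ImageMagick CLI, and uses a constructed sample of `convert --version` output; the host policy path /etc/ImageMagick-7/policy.xml is the one the advisory names.

```shell
# Added example for CVE-2025-55004, not from the advisory: version comparison
# plus a check that policy.xml actually denies the MNG coder.
FIXED_VERSION="7.1.2-1"
# Constructed sample of `convert --version` (first line), not captured from a real host.
SAMPLE_VERSION_OUTPUT='Version: ImageMagick 7.1.1-47 Q16-HDRI x86_64 22763 https://imagemagick.org'

# extract_im_version: read `convert --version` output on stdin, print e.g. 7.1.1-47
extract_im_version() {
  sed -n '1s/^Version: ImageMagick \([0-9][0-9.]*-[0-9]*\).*/\1/p'
}

# version_ge A B: succeed if A >= B, comparing each dot/dash separated field numerically
# (a plain string match against "7.1.2-1" would report 7.1.2-2 or 7.1.3-0 as unpatched).
version_ge() {
  awk -v a="$1" -v b="$2" 'BEGIN {
    n = split(a, x, /[.-]/); m = split(b, y, /[.-]/)
    len = (n > m) ? n : m
    for (i = 1; i <= len; i++) {
      xi = (i <= n) ? x[i] + 0 : 0; yi = (i <= m) ? y[i] + 0 : 0
      if (xi > yi) exit 0
      if (xi < yi) exit 1
    }
    exit 0
  }'
}
# is_patched VERSION: succeed if VERSION is 7.1.2-1 or later
is_patched() { version_ge "$1" "$FIXED_VERSION"; }

# policy_blocks_mng FILE: succeed if policy.xml denies the MNG coder. The rule must use
# domain="coder"; a delegate-domain rule does not stop the MNG reader.
policy_blocks_mng() {
  grep -E '<policy[^>]*pattern="MNG"' "$1" 2>/dev/null \
    | grep 'domain="coder"' | grep -q 'rights="none"'
}
# report VERSION POLICY_FILE: print a one-line status for a host
report() {
  if is_patched "$1"; then
    echo "ImageMagick $1: patched for CVE-2025-55004"
  elif policy_blocks_mng "$2"; then
    echo "ImageMagick $1: vulnerable build, but MNG coder is denied in $2"
  else
    echo "ImageMagick $1: VULNERABLE, no MNG deny rule in $2"
  fi
}
report "$(printf '%s\n' "$SAMPLE_VERSION_OUTPUT" | extract_im_version)" /etc/ImageMagick-7/policy.xml
if command -v convert >/dev/null 2>&1; then
  report "$(convert --version | extract_im_version)" /etc/ImageMagick-7/policy.xml
fi
```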

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed MNG image processing attempts
  • Unusual memory usage patterns in ImageMagick processes

Network Indicators:

  • Unexpected MNG image uploads to image processing endpoints

SIEM Query:

source="web_logs" AND uri_path="/upload" AND file_extension="mng"
