CVE-2025-66628

HIGH

ImageMagick <7.1.9 - Buffer Overflow

Title source: llm

Description

ImageMagick is a software suite to create, edit, compose, or convert bitmap images. In versions 7.1.2-9 and prior, the TIM (PSX TIM) image parser contains a critical integer overflow vulnerability in its ReadTIMImage function (coders/tim.c). The code reads width and height (16-bit values) from the file header and calculates image_size = 2 * width * height without checking for overflow. On 32-bit systems (or where size_t is 32-bit), this calculation can overflow if width and height are large (e.g., 65535), wrapping around to a small value. This results in a small heap allocation via AcquireQuantumMemory and later operations relying on the dimensions can trigger an out of bounds read. This issue is fixed in version 7.1.2-10.

Exploits (1)

nomisec WRITEUP 1 stars

by Sumitshah00 · poc

https://github.com/Sumitshah00/CVE-2025-66628

View Code ZIP pw:eip

References (2)

[Vendor Advisory] https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-6hjr-v6g4-3fm8

[Patch] https://github.com/dlemstra/Magick.NET/commit/2dfa08e15cfd11016a79615994787b14f9048b1c

Scores

CVSS v3 7.5

EPSS 0.0006

EPSS Percentile 18.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-125

Status published

Products (7)

imagemagick/imagemagick < 7.1.2-10

nuget/Magick.NET-Q16-AnyCPU 0 - 14.10.0NuGet

nuget/Magick.NET-Q16-HDRI-AnyCPU 0 - 14.10.0NuGet

nuget/Magick.NET-Q16-HDRI-x86 0 - 14.10.0NuGet

nuget/Magick.NET-Q16-x86 0 - 14.10.0NuGet

nuget/Magick.NET-Q8-AnyCPU 0 - 14.10.0NuGet

nuget/Magick.NET-Q8-x86 0 - 14.10.0NuGet

Published Dec 10, 2025

Tracked Since Feb 18, 2026