CVE-2025-53014

Low CVSS 3.7

Overview

ImageMagick is free and open-source software used for editing and manipulating digital images. Versions prior to 7.1.2-0 and 6.9.13-26 have a heap buffer overflow in the `InterpretImageFilename` function. The issue stems from an off-by-one error that causes out-of-bounds memory access when processing format strings containing consecutive percent signs (`%%`). Versions 7.1.2-0 and 6.9.13-26 fix the issue.

CWE: CWE-125 Published: 2025-07-14T18:15:23.620

Risk analysis

This vulnerability is rated 🟢 LOW.

CVSS: 3.7 (LOW)
Detected tags: buffer, format_string (tag impact: LOW)

Recommended actions:

Prioritize remediation based on business criticality and exposure.
Limit exposure and increase monitoring until fixed.

Overview

Recommended tools

Tags