vulnerability

Ubuntu: USN-7756-1 (CVE-2025-55212): ImageMagick vulnerabilities

Try Surface Command
Back to search
Severity
4
CVSS
(AV:N/AC:M/Au:N/C:N/I:N/A:P)
Published
Aug 26, 2025
Added
Sep 19, 2025
Modified
Sep 22, 2025

Description

It was discovered that ImageMagick did not properly handle memory when
performing magnified size calculations. An attacker could possibly use this
issue to cause ImageMagick to crash, resulting in a denial of service, or
possibly execute arbitrary code. (CVE-2025-55154)

Woojin Park, Hojun Lee, Youngin Won, and Siyeon Han discovered that
ImageMagick incorrectly handled creating thumbnail images for certain
dimensions. An attacker could possibly use this issue to cause ImageMagick
to crash, resulting in a denial of service. This issue only affected Ubuntu
24.04 LTS. (CVE-2025-55212)

Lumina Mescuwa discovered that ImageMagick did not properly handle cloning
splay trees in the MagickCore library. An attacker could possibly use this
issue to cause sanitized builds of ImageMagick to crash, resulting in a
denial of service. (CVE-2025-55160)

Lumina Mescuwa discovered that ImageMagick did not properly handle memory.
An attacker could possibly use this issue to cause ImageMagick to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2025-57807)

Solutions

ubuntu-pro-upgrade-imagemagick-6-q16ubuntu-pro-upgrade-imagemagick-6-q16hdriubuntu-pro-upgrade-libmagick-6-q16-9t64ubuntu-pro-upgrade-libmagick-6-q16hdri-9t64ubuntu-pro-upgrade-libmagickcore-6-q16-7-extraubuntu-pro-upgrade-libmagickcore-6-q16-7t64ubuntu-pro-upgrade-libmagickcore-6-q16hdri-7-extraubuntu-pro-upgrade-libmagickcore-6-q16hdri-7t64ubuntu-pro-upgrade-libmagickwand-6-q16-7t64ubuntu-pro-upgrade-libmagickwand-6-q16hdri-7t64

References

    Title
    NEW

    Explore Exposure Command

    Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

    Try it today