- Description
- ImageMagick is free and open-source software used for editing and manipulating digital images. In versions prior to 7.1.2-0 and 6.9.13-26, in ImageMagick's `magick mogrify` command, specifying multiple consecutive `%d` format specifiers in a filename template causes internal pointer arithmetic to generate an address below the beginning of the stack buffer, resulting in a stack overflow through `vsnprintf()`. Versions 7.1.2-0 and 6.9.13-26 fix the issue.
- Source
- security-advisories@github.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 7.4
- Impact score
- 5.2
- Exploitability score
- 2.2
- Vector string
- CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
- Severity
- HIGH
- security-advisories@github.com
- CWE-124
- Hype score
- Not currently trending
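A serious vulnerability (CVE-2025-53101) has been discovered in the ImageMagick image processing library. With this issue, when the magick mogrify command processes a filename template containing consecutive format specifiers (e.g. %d%d), a stack buffer under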
@yousukezan
15 Jul 2025
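Buffer overflow vulnerability in ImageMagick. CVE-2025-53101 has a CVSS score of 7.4 and manifests under specific conditions in the handling of image filename templates. Let's do internal pointer arithmetic with %d in vsnprintf(). Remote code execution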
@__kokumoto
15 Jul 2025
CVE-2025-53101 ImageMagick is free and open-source software used for editing and manipulating digital images. In versions prior to 7.1.2-0 and 6.9.13-26, in ImageMagick's `magick mo… https://t.co/eeUQju66DG
@CVEnew
14 Jul 2025