ImageMagick CVE-2025-55004 Heap Buffer Overflow: Brief Summary and Technical Details

This post provides a brief summary and technical details of CVE-2025-55004, a heap buffer overflow vulnerability in ImageMagick's ReadOneMNGImage function affecting versions prior to 7.1.2-1. The vulnerability can lead to memory disclosure when processing MNG images with separate alpha channels during magnification. Includes affected versions, technical explanation, and references.

ZeroPath CVE Analysis

2025-08-13

Experimental AI-Generated Content

This CVE analysis is an experimental publication that is completely AI-generated. The content may contain errors or inaccuracies and is subject to change as more information becomes available. We are continuously refining our process.

Introduction

Sensitive data processed through image conversion pipelines can inadvertently leak into output files due to subtle memory handling flaws. In environments where user-supplied images are automatically processed, such vulnerabilities can undermine data confidentiality without obvious signs of compromise.

ImageMagick is a free and open-source image manipulation suite used globally in web servers, content management systems, and cloud platforms. It supports over 200 image formats and is a foundational component in many automated image processing workflows. Its broad adoption and complex codebase make it a frequent target for security research and vulnerability discovery efforts.

Technical Information

CVE-2025-55004 is a heap buffer overflow (out-of-bounds read) vulnerability in ImageMagick's ReadOneMNGImage function. The flaw exists in versions prior to 7.1.2-1 and is triggered when magnifying MNG (Multiple-image Network Graphics) images that contain separate alpha channels. During magnification, the function fails to enforce buffer boundaries when handling both pixel and alpha channel data. The resulting out-of-bounds heap reads cause memory contents adjacent to the intended buffer to be included in the output image.

The vulnerability is classified as CWE-122 (Heap-based Buffer Overflow). The root cause is insufficient bounds checking during the scaling of pixel and alpha channel data. MNG images with separate alpha channels require careful memory management, and the complexity of this operation has led to similar vulnerabilities in the past. For example, CVE-2017-17879 also involved a heap buffer over-read in the same function, highlighting persistent challenges in safely processing this image format.

No public code snippets or proof-of-concept exploits have been released for this vulnerability as of the publication date.

Affected Systems and Versions

  • ImageMagick versions prior to 7.1.2-1 are affected
  • Specifically impacts systems that process MNG images with separate alpha channels
  • All configurations using vulnerable ImageMagick versions for automated or user-driven image magnification are at risk
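
The version boundary and file format above can be turned into a pre-processing gate for an upload pipeline. The following is an added example, not code from ImageMagick or from the original post; the function names and the "process"/"quarantine" labels are hypothetical, and the sample banners are constructed.

```python
import re

# 8-byte MNG file signature from the MNG specification.
MNG_SIGNATURE = b"\x8aMNG\r\n\x1a\n"
# First fixed release according to this post: 7.1.2-1.
FIXED_VERSION = (7, 1, 2, 1)

# Constructed sample banners in the format printed by `magick -version`.
SAMPLE_OLD = "Version: ImageMagick 7.1.1-47 Q16-HDRI x86_64 https://imagemagick.org"
SAMPLE_FIXED = "Version: ImageMagick 7.1.2-1 Q16-HDRI x86_64 https://imagemagick.org"


def parse_version(banner):
    """Extract (major, minor, patch, build) from a version banner."""
    m = re.search(r"ImageMagick (\d+)\.(\d+)\.(\d+)(?:-(\d+))?", banner)
    if not m:
        raise ValueError("no ImageMagick version found in banner")
    # A missing "-build" suffix is treated as build 0.
    return tuple(int(g or 0) for g in m.groups())


def is_affected(banner):
    """True when the reported version is prior to 7.1.2-1.

    The comparison is purely numeric: the post gives only this one
    boundary, so 6.x builds also compare as earlier.
    """
    return parse_version(banner) < FIXED_VERSION


def is_mng(data):
    """Identify MNG by content, so a renamed file extension does not matter."""
    return bytes(data[:8]) == MNG_SIGNATURE


def triage(banner, data):
    """Return 'quarantine' for MNG input on an affected build, else 'process'."""
    if is_mng(data) and is_affected(banner):
        return "quarantine"
    return "process"


if __name__ == "__main__":
    mng_head = MNG_SIGNATURE + b"\x00\x00\x00\x1cMHDR"  # constructed header bytes
    print(triage(SAMPLE_OLD, mng_head), triage(SAMPLE_FIXED, mng_head))
```

Distribution packages may backport fixes without changing the upstream version string, so a positive result from `is_affected` is a prompt to check the package changelog, not proof of exposure.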

Vendor Security History

ImageMagick has a long history of memory safety issues, particularly in image parsing and processing routines. The ReadOneMNGImage function has been the subject of previous vulnerabilities, such as CVE-2017-17879, which also involved heap buffer over-read conditions. The ImageMagick team maintains a public security advisory system and generally responds promptly to vulnerability reports. Despite these efforts, the complexity of supporting numerous image formats continues to result in recurring security issues.
