ImageMagick, Heap Buffer Overflow Read, CVE-2025-55004 (Low)

Listen to this Post

The vulnerability stems from an insecure handling of the `-define magnify:method` parameter. When an unrecognized value is supplied, the magnify operation fails to validate the input against a whitelist of allowed scaling algorithms (e.g., scale2X, eagle2X, xbr2X). Instead, the code proceeds to calculate memory offsets using the unrecognized string, leading to a heap-based out-of-bounds read. Specifically, the function `AcquireQuantumMemory` allocates buffers based on pixel channel count and image dimensions. If the `magnify:method` is not recognized, the internal state machine does not update the channel layout metadata. A subsequent call to `GetAuthenticPixels` triggers ResetPixelChannelMap, which adds new channel mappings but does not reallocate the previously sized buffers. As a result, when the magnify loop reads pixel data using `GetPixelAlpha` and similar macros, it accesses memory beyond the allocated heap region. This out-of-bounds read can leak sensitive memory contents into the output image or cause a denial of service. The issue is triggered remotely by uploading a crafted image with an unrecognized `magnify:method` definition and requiring user interaction to process the image.

dailycve form

Platform: ImageMagick
Version: ≤7.1.2-1
Vulnerability: Heap OOB
Severity: Low
Date: 2026-04-14

Prediction: 2026-04-21

What Undercode Say:

Analytics show the flaw is reachable via image upload endpoints. Use the following to test and block:

Check ImageMagick version
magick -version | head -1
Test with unrecognized method
magick input.png -define magnify:method=invalid -magnify output.png
Apply policy.xml to block unknown defines
echo '<policymap><policy domain="delegate" rights="none" pattern="" /><policy domain="coder" rights="read" pattern="PNG,JPEG" /><policy domain="path" rights="none" pattern="@"/></policymap>' > /etc/ImageMagick-7/policy.xml

Exploit:

A remote attacker uploads an MNG or PNG file containing an EXIF or comment block that sets magnify:method=badvalue. When the server processes the image (e.g., thumbnail generation), the heap over-read occurs, potentially leaking memory or crashing the worker process.

Protection:

  • Upgrade to ImageMagick 7.1.2-2 or newer.
  • Enforce strict `policy.xml` to disallow all defines except those explicitly whitelisted.
  • Run image processing in isolated containers with memory limits.

Impact:

Low – primarily denial of service; however, memory leaks could aid further exploitation. No code execution has been demonstrated.

🎯Let’s Practice Exploiting & Learn Patching For Free:

Sources:

Reported By: github.com
Extra Source Hub:
Undercode

🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]

💬 Whatsapp | 💬 Telegram

📢 Follow DailyCVE & Stay Tuned:

𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin Featured Image

Scroll to Top