CVE-2025-53101
HIGHDescription
ImageMagick is free and open-source software used for editing and manipulating digital images. In versions prior to 7.1.2-0 and 6.9.13-26, in ImageMagick's `magick mogrify` command, specifying multiple consecutive `%d` format specifiers in a filename template causes internal pointer arithmetic to generate an address below the beginning of the stack buffer, resulting in a stack overflow through `vsnprintf()`. Versions 7.1.2-0 and 6.9.13-26 fix the issue.
Is your site exposed to CVE-2025-53101?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| imagemagick | imagemagick |
| imagemagick | imagemagick |
References
Advisories & Patches
Exploits
Other References
Frequently Asked Questions
What is CVE-2025-53101? +
How severe is CVE-2025-53101? +
What products are affected by CVE-2025-53101? +
How do I check if I'm vulnerable to CVE-2025-53101? +
Related Vulnerabilities
Improper input validation in the System Management Mode (SMM) communications buffer could allow a privileged attacker to perform an out …
Buffer Underwrite vulnerability in Apache HTTP Server on crafted regular expressions in the configuration. This issue affects Apache HTTP Server: …
A buffer underwrite ('buffer underflow') vulnerability in the administrative interface of Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through …
Heap overflow in some Zoom Workplace Apps may allow an authenticated user to conduct an escalation of privilege via network …
Buffer underflow in some Zoom Workplace Apps may allow an authenticated user to conduct an escalation of privilege via network …
A buffer underflow vulnerability has been identified in the ogg123 utility from the vorbis-tools 1.4.3 package in function remotethread in …