CVE-2025-55160
MEDIUMDescription
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-27 and 7.1.2-1, there is undefined behavior (function-type-mismatch) in splay tree cloning callback. This results in a deterministic abort under UBSan (DoS in sanitizer builds), with no crash in a non-sanitized build. This issue has been patched in versions 6.9.13-27 and 7.1.2-1.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| imagemagick | imagemagick |
| imagemagick | imagemagick |
References
Frequently Asked Questions
What is CVE-2025-55160? +
How severe is CVE-2025-55160? +
What products are affected by CVE-2025-55160? +
How do I check if I'm vulnerable to CVE-2025-55160? +
Related Vulnerabilities
OpenPLC_V3 has a vulnerability in the enipThread function that occurs due to the lack of a return value. This leads …
The `ShmemCharMapHashEntry()` code was susceptible to potentially undefined behavior by bypassing the move semantics for one of its data members. …
BACnet Stack is a BACnet open source protocol stack C library for embedded systems. Prior to 1.4.3, decode_signed32() in src/bacnet/bacint.c …
Ghidra before 11.2 contains a use after free vulnerability in the Sleigh backend caused by undefined static initialization order of …
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-27 and 7.1.2-1, the …
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-1, ImageMagick is vulnerable …