CVE-2007-4985
Description
ImageMagick before 6.3.5-9 is vulnerable to denial of service via crafted image files causing infinite loops in DCM and XCF parsing.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
ImageMagick versions prior to 6.3.5-9 contain two denial-of-service vulnerabilities in the parsing of DCM and XCF image formats. The ReadDCMImage function enters an infinite loop due to improper handling of crafted data in ReadBlobByte function calls. Similarly, the ReadXCFImage function enters an infinite loop due to improper handling in ReadBlobMSBLong function calls. An attacker can trigger either code path by supplying a specially crafted image file.
Exploitation
An attacker does not require any authentication or special privileges. The only requirement is to deliver a crafted DCM or XCF image file to a user or process that opens it with an affected version of ImageMagick. The file can be delivered via email, web upload, or any other means that causes ImageMagick to process the image. Upon opening the file, the vulnerable function enters an infinite loop, consuming CPU resources.
Impact
Successful exploitation results in a denial of service (DoS) condition. The affected ImageMagick process becomes unresponsive due to the infinite loop, potentially causing a hang or crash of the application using the library. This can lead to service disruption for any system relying on ImageMagick for image processing.
Mitigation
The vulnerability is fixed in ImageMagick version 6.3.5-9 and later. Users should upgrade to this version or any subsequent release. No workarounds are documented in the available references.
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- cpe:2.3:a:imagemagick:imagemagick:5.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:imagemagick:imagemagick:5.3.8:*:*:*:*:*:*:*
- cpe:2.3:a:imagemagick:imagemagick:5.4.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:imagemagick:imagemagick:5.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:imagemagick:imagemagick:5.4.4.5:*:*:*:*:*:*:*
- cpe:2.3:a:imagemagick:imagemagick:5.4.7:*:*:*:*:*:*:*
- cpe:2.3:a:imagemagick:imagemagick:5.4.8:*:*:*:*:*:*:*
- cpe:2.3:a:imagemagick:imagemagick:5.4.8.2_1.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:imagemagick:imagemagick:5.5.3_.2_1.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:imagemagick:imagemagick:5.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:imagemagick:imagemagick:5.5.6:*:*:*:*:*:*:*
- cpe:2.3:a:imagemagick:imagemagick:5.5.6.0_20030409:*:*:*:*:*:*:*
- cpe:2.3:a:imagemagick:imagemagick:5.5.7:*:*:*:*:*:*:*
- cpe:2.3:a:imagemagick:imagemagick:5.5.7.15:*:*:*:*:*:*:*
- cpe:2.3:a:imagemagick:imagemagick:6.0:*:*:*:*:*:*:*
- cpe:2.3:a:imagemagick:imagemagick:6.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:imagemagick:imagemagick:6.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:imagemagick:imagemagick:6.0.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:imagemagick:imagemagick:6.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:imagemagick:imagemagick:6.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:imagemagick:imagemagick:6.0.4.4:*:*:*:*:*:*:*
- cpe:2.3:a:imagemagick:imagemagick:6.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:imagemagick:imagemagick:6.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:imagemagick:imagemagick:6.0.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:imagemagick:imagemagick:6.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:imagemagick:imagemagick:6.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:imagemagick:imagemagick:6.1:*:*:*:*:*:*:*
- cpe:2.3:a:imagemagick:imagemagick:6.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:imagemagick:imagemagick:6.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:imagemagick:imagemagick:6.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:imagemagick:imagemagick:6.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:imagemagick:imagemagick:6.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:imagemagick:imagemagick:6.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:imagemagick:imagemagick:6.1.7:*:*:*:*:*:*:*
- cpe:2.3:a:imagemagick:imagemagick:6.1.8:*:*:*:*:*:*:*
- cpe:2.3:a:imagemagick:imagemagick:6.2:*:*:*:*:*:*:*
- cpe:2.3:a:imagemagick:imagemagick:6.2.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:imagemagick:imagemagick:6.2.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:imagemagick:imagemagick:6.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:imagemagick:imagemagick:6.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:imagemagick:imagemagick:6.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:imagemagick:imagemagick:6.2.3.4:*:*:*:*:*:*:*
- cpe:2.3:a:imagemagick:imagemagick:6.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:imagemagick:imagemagick:6.2.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:imagemagick:imagemagick:6.2.4.5:*:*:*:*:*:*:*
- cpe:2.3:a:imagemagick:imagemagick:6.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:imagemagick:imagemagick:6.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:imagemagick:imagemagick:6.2.7:*:*:*:*:*:*:*
- cpe:2.3:a:imagemagick:imagemagick:6.2.8:*:*:*:*:*:*:*
- cpe:2.3:a:imagemagick:imagemagick:6.2.9:*:*:*:*:*:*:*
- cpe:2.3:a:imagemagick:imagemagick:6.2.9.2:*:*:*:*:*:*:*
- cpe:2.3:a:imagemagick:imagemagick:6.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:imagemagick:imagemagick:6.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:imagemagick:imagemagick:6.3.3_3:*:*:*:*:*:*:*
- cpe:2.3:a:imagemagick:imagemagick:6.3.3_5:*:*:*:*:*:*:*
- cpe:2.3:a:imagemagick:imagemagick:6.3.3_6:*:*:*:*:*:*:*
- cpe:2.3:a:imagemagick:imagemagick:6.3.4:*:*:*:*:*:*:*
- (no CPE) range: < 6.3.5-9
- osv-coords (2 versions):
  - pkg:rpm/opensuse/GraphicsMagick&distro=openSUSE%20Tumbleweed
  - pkg:rpm/opensuse/ImageMagick&distro=openSUSE%20Tumbleweed
- (no CPE) range: < 1.3.36-1.7
- (no CPE) range: < 7.1.0.8-1.2
Patches
No patches discovered yet.
References
- www.securityfocus.com/bid/25764 (nvd, Patch)
- bugs.gentoo.org/show_bug.cgi (nvd)
- labs.idefense.com/intelligence/vulnerabilities/display.php (nvd)
- secunia.com/advisories/26926 (nvd)
- secunia.com/advisories/27048 (nvd)
- secunia.com/advisories/27309 (nvd)
- secunia.com/advisories/27364 (nvd)
- secunia.com/advisories/27439 (nvd)
- secunia.com/advisories/28721 (nvd)
- secunia.com/advisories/29786 (nvd)
- secunia.com/advisories/29857 (nvd)
- secunia.com/advisories/36260 (nvd)
- security.gentoo.org/glsa/glsa-200710-27.xml (nvd)
- studio.imagemagick.org/pipermail/magick-announce/2007-September/000037.html (nvd)
- www.debian.org/security/2009/dsa-1858 (nvd)
- www.imagemagick.org/script/changelog.php (nvd)
- www.mandriva.com/en/security/advisories (nvd)
- www.novell.com/linux/security/advisories/2007_23_sr.html (nvd)
- www.redhat.com/support/errata/RHSA-2008-0145.html (nvd)
- www.redhat.com/support/errata/RHSA-2008-0165.html (nvd)
- www.securityfocus.com/archive/1/483572/100/0/threaded (nvd)
- www.securitytracker.com/id (nvd)
- www.ubuntu.com/usn/usn-523-1 (nvd)
- www.vupen.com/english/advisories/2007/3245 (nvd)
- exchange.xforce.ibmcloud.com/vulnerabilities/36740 (nvd)
- issues.rpath.com/browse/RPL-1743 (nvd)
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10869 (nvd)