CVE-2025-43965
Description
ImageMagick before 7.1.1-44 mishandles image depth in MIFF processing after SetQuantumFormat, leading to potential memory corruption.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
ImageMagick before 7.1.1-44 mishandles image depth in MIFF processing after SetQuantumFormat, leading to potential memory corruption.
Vulnerability
In ImageMagick versions before 7.1.1-44, the MIFF image reader (ReadMIFFImage) fails to update the image->depth field after calling SetQuantumFormat. This can cause inconsistent image depth handling, potentially leading to out-of-bounds memory access when processing crafted MIFF files. The vulnerability exists in the coders/miff.c file.
Exploitation
An attacker can exploit this by providing a specially crafted MIFF image file that specifies a quantum format different from the image depth. When ImageMagick processes this file, the mismatch can lead to buffer overflows or other memory corruption. No special authentication is required; only the ability to trigger processing of the malicious file (e.g., via ImageMagick convert or other tools).
Impact
Successful exploitation could lead to arbitrary code execution or denial of service, depending on how the memory corruption manifests. The attacker may achieve control over the process, enabling further compromise of the system.
Mitigation
The fix is included in ImageMagick version 7.1.1-44, released on 2025-02-22 [1]. Users should upgrade to this version or later. The commit [2] adds a line to update image->depth after SetQuantumFormat. No workaround is documented for unpatched versions.
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
12<7.1.1-44+ 1 more
- (no CPE)range: <7.1.1-44
- (no CPE)range: 0
- osv-coords10 versionspkg:apk/chainguard/imagemagick-6pkg:apk/chainguard/imagemagick-6-devpkg:apk/chainguard/imagemagick-6-docpkg:apk/chainguard/imagemagick-6-staticpkg:rpm/opensuse/ImageMagick&distro=openSUSE%20Leap%2015.6pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP6pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP7pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP6pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP7pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5
< 0+ 9 more
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 7.1.1.21-150600.3.3.1
- (no CPE)range: < 7.1.1.21-150600.3.3.1
- (no CPE)range: < 7.1.0.9-150400.6.30.1
- (no CPE)range: < 7.1.1.21-150600.3.3.1
- (no CPE)range: < 7.1.1.43-150700.3.3.1
- (no CPE)range: < 6.8.8.1-71.204.1
Patches
0No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
2News mentions
0No linked articles in our index yet.