ImageMagick affected by divide-by-zero in ThumbnailImage via montage -geometry ":" leads to crash
Description
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-28 and 7.1.2-2, passing a geometry string containing only a colon (":") to montage -geometry leads GetGeometry() to set width/height to 0. Later, ThumbnailImage() divides by these zero dimensions, triggering a crash (SIGFPE/abort), resulting in a denial of service. This issue has been patched in versions 6.9.13-28 and 7.1.2-2.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A malformed geometry string (':') passed to montage -geometry in ImageMagick causes a division-by-zero crash, leading to denial of service.
CVE-2025-55212 describes a denial-of-service vulnerability in ImageMagick, a widely used open-source image processing suite [1]. The issue resides in the GetGeometry() function within MagickCore/geometry.c (referenced by [2] and [4]). When a geometry string consisting solely of a colon (:) is passed to the montage -geometry command, the parsing routine StringToDouble interprets the string as 0.0. Consequently, GetGeometry() sets the width and height values to zero, which are later used as divisors in the ThumbnailImage() function [3].
Exploitation is straightforward and does not require any special authentication or network access. An attacker can trigger the vulnerability locally simply by running the command montage -geometry : xc:white null:, using the built-in xc:white pseudo-image as input [3]. Because no external file is required, the attack surface is large; any service or automated process that accepts user-supplied geometry strings for montage could be compromised.
The impact is a denial of service. The division-by-zero in ThumbnailImage() causes an immediate crash — typically a SIGFPE (floating-point exception) or an abort — leading to abnormal termination of the ImageMagick process [3]. This can be used to disrupt image processing pipelines, web applications using ImageMagick for thumbnail generation, or other automated workflows.
A patch has been released. Versions 6.9.13-28 and 7.1.2-2 contain the fix [3]. All users running earlier versions are advised to update immediately. No workaround is available other than filtering or rejecting geometry strings that contain only a colon before they reach montage.
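The filtering workaround mentioned above, as an added example (not code from ImageMagick or the advisory): a caller-side allowlist that refuses ":" and any explicit zero dimension before the string reaches montage. The accepted grammar is a deliberately narrow assumption of this example, and `validate_montage_geometry`, `montage_argv`, `classify` and `max_dim` are hypothetical names.

```python
import re

# Assumed allowlist, deliberately narrower than ImageMagick's full geometry
# grammar: [W][xH][{+-}X{+-}Y][flag]. Percentages, areas and ":" are refused.
_GEOMETRY = re.compile(
    r"""(?P<w>\d{1,5})?                    # tile width
        (?:x(?P<h>\d{1,5}))?               # tile height
        (?P<off>[+-]\d{1,5}[+-]\d{1,5})?   # border offsets
        (?P<flag>[!<>^])?                  # single resize flag
    """,
    re.VERBOSE,
)


class GeometryError(ValueError):
    """Raised when a geometry string is outside the allowlist."""


def validate_montage_geometry(value, max_dim=16384):
    """Return value unchanged if it may be passed to montage -geometry."""
    m = _GEOMETRY.fullmatch(value) if isinstance(value, str) else None
    if m is None:
        raise GeometryError(f"geometry not in allowlist: {value!r}")
    w, h, off = m.group("w"), m.group("h"), m.group("off")
    if w is None and h is None and off is None:
        # Covers "" and a bare flag such as "!": nothing defines a size.
        raise GeometryError(f"geometry carries no size or offset: {value!r}")
    for name, raw in (("width", w), ("height", h)):
        if raw is not None and not 1 <= int(raw) <= max_dim:
            raise GeometryError(f"{name} out of range in {value!r}")
    return value


def montage_argv(geometry, inputs, output):
    """Build an argv list (no shell) with the geometry validated first."""
    return ["montage", "-geometry", validate_montage_geometry(geometry),
            *inputs, output]


def classify(samples):
    """Map each sample to True (accepted) or False (rejected)."""
    result = {}
    for s in samples:
        try:
            validate_montage_geometry(s)
            result[s] = True
        except GeometryError:
            result[s] = False
    return result


# Constructed sample inputs for this example.
SAMPLES = ["120x90+4+4", "x90", "+2+2", ":", "", "0x0", "120x0", "4:3", "!"]
```

Upgrading to a patched version remains the fix; the filter only keeps the malformed string away from unpatched binaries.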
- [1] GitHub - ImageMagick/ImageMagick: ImageMagick is a free, open-source software suite for creating, editing, converting, and displaying images. It supports 200+ formats and offers powerful command-line tools and APIs for automation, scripting, and integration across platforms.
- [2] NVD - CVE-2025-55212
- [3] Divide-by-zero in ThumbnailImage via montage -geometry ":" leads to crash
- [4] ImageMagick/MagickCore/geometry.c at 0ba1b587be17543b664f7ad538e9e51e0da59d17 · ImageMagick/ImageMagick
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
Magick.NET-Q16-AnyCPUNuGet | < 14.8.1 | 14.8.1 |
Magick.NET-Q16-HDRI-AnyCPUNuGet | < 14.8.1 | 14.8.1 |
Magick.NET-Q16-HDRI-OpenMP-arm64NuGet | < 14.8.1 | 14.8.1 |
Magick.NET-Q16-HDRI-OpenMP-x64NuGet | < 14.8.1 | 14.8.1 |
Magick.NET-Q16-HDRI-arm64NuGet | < 14.8.1 | 14.8.1 |
Magick.NET-Q16-HDRI-x64NuGet | < 14.8.1 | 14.8.1 |
Magick.NET-Q16-HDRI-x86NuGet | < 14.8.1 | 14.8.1 |
Magick.NET-Q16-OpenMP-arm64NuGet | < 14.8.1 | 14.8.1 |
Magick.NET-Q16-OpenMP-x64NuGet | < 14.8.1 | 14.8.1 |
Magick.NET-Q16-arm64NuGet | < 14.8.1 | 14.8.1 |
Magick.NET-Q16-x64NuGet | < 14.8.1 | 14.8.1 |
Magick.NET-Q16-x86NuGet | < 14.8.1 | 14.8.1 |
Magick.NET-Q8-AnyCPUNuGet | < 14.8.1 | 14.8.1 |
Magick.NET-Q8-OpenMP-arm64NuGet | < 14.8.1 | 14.8.1 |
Magick.NET-Q8-OpenMP-x64NuGet | < 14.8.1 | 14.8.1 |
Magick.NET-Q8-arm64NuGet | < 14.8.1 | 14.8.1 |
Magick.NET-Q8-x64NuGet | < 14.8.1 | 14.8.1 |
Magick.NET-Q8-x86NuGet | < 14.8.1 | 14.8.1 |
Affected products
- (no CPE) range: < 6.9.13-28, < 7.1.2-2
- (no CPE) range: < 7.1.2-2
References
- github.com/advisories/GHSA-fh55-q5pj-pxgw (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2025-55212 (ghsa, ADVISORY)
- github.com/ImageMagick/ImageMagick/blob/0ba1b587be17543b664f7ad538e9e51e0da59d17/MagickCore/geometry.c (ghsa, x_refsource_MISC, WEB)
- github.com/ImageMagick/ImageMagick/blob/0ba1b587be17543b664f7ad538e9e51e0da59d17/MagickCore/resize.c (ghsa, x_refsource_MISC, WEB)
- github.com/ImageMagick/ImageMagick/commit/5f0bcf986b8b5e90567750d31a37af502b73f2af (ghsa, x_refsource_MISC, WEB)
- github.com/ImageMagick/ImageMagick/security/advisories/GHSA-fh55-q5pj-pxgw (ghsa, x_refsource_CONFIRM, WEB)
- github.com/dlemstra/Magick.NET/releases/tag/14.8.1 (ghsa, x_refsource_MISC, WEB)
- lists.debian.org/debian-lts-announce/2025/09/msg00012.html (ghsa, WEB)