VYPR
Moderate severityNVD Advisory· Published Oct 27, 2025· Updated Oct 27, 2025

ImageMagick CLAHE : Unsigned underflow and division-by-zero lead to OOB pointer arithmetic and process crash (DoS)

CVE-2025-62594

Description

ImageMagick is a software suite to create, edit, compose, or convert bitmap images. ImageMagick versions prior to 7.1.2-8 are vulnerable to denial-of-service due to unsigned integer underflow and division-by-zero in the CLAHEImage function. When tile width or height is zero, unsigned underflow occurs in pointer arithmetic, leading to out-of-bounds memory access, and division-by-zero causes immediate crashes. This issue has been patched in version 7.1.2-8.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
Magick.NET-Q16-x64NuGet
<= 14.9.0
Magick.NET-Q8-x64NuGet
<= 14.9.0
Magick.NET-Q16-HDRI-x64NuGet
<= 14.9.0
Magick.NET-Q8-OpenMP-x64NuGet
<= 14.9.0
Magick.NET-Q16-HDRI-OpenMP-x64NuGet
<= 14.9.0
Magick.NET-Q16-OpenMP-x64NuGet
<= 14.9.0
Magick.NET-Q8-arm64NuGet
<= 14.9.0
Magick.NET-Q16-arm64NuGet
<= 14.9.0
Magick.NET-Q16-OpenMP-arm64NuGet
<= 14.9.0
Magick.NET-Q8-OpenMP-arm64NuGet
<= 14.9.0
Magick.NET-Q16-HDRI-OpenMP-arm64NuGet
<= 14.9.0
Magick.NET-Q16-HDRI-arm64NuGet
<= 14.9.0

Affected products

25

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.

CVE-2025-62594 · moderate · VYPR