CVE-2025-53014: ImageMagick has a Heap Buffer Overflow in InterpretImageFilename
A heap buffer overflow was identified in the InterpretImageFilename function of ImageMagick. The issue stems from an off-by-one error that causes out-of-bounds memory access when processing format strings containing consecutive percent signs (%%).
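The C example below is added here to illustrate the bug class the advisory describes; it is not ImageMagick's code and makes no claim about the exact logic of InterpretImageFilename. It assumes a simplified template grammar (%% for a literal percent sign, %d for the scene number) and shows the bounds check that an off-by-one in this kind of scanner omits: the byte after a '%' is read only after confirming it lies inside the template.

```c
/* Added example, not ImageMagick's code: a bounds-checked scanner for
   "%%" and "%d" escapes in a filename template. */
#include <stddef.h>
#include <string.h>

/* Expand "%%" to "%" and "%d" to a decimal scene number; other bytes are
   copied. Returns the length written (without NUL), or -1 if the output
   buffer is too small or the template is malformed. Every index is
   checked against tmpl_len before the byte is read, so a '%' at the end
   of the template is rejected instead of reading one past the end. */
int expand_filename(const char *tmpl, size_t tmpl_len, unsigned scene,
                    char *out, size_t out_len)
{
    size_t i = 0, o = 0;
    while (i < tmpl_len) {
        char c = tmpl[i];
        if (c != '%') {
            if (o + 1 >= out_len) return -1;   /* keep room for the NUL */
            out[o++] = c;
            i++;
            continue;
        }
        /* A trailing '%' has no specifier: this is the off-by-one read. */
        if (i + 1 >= tmpl_len) return -1;
        char spec = tmpl[i + 1];
        if (spec == '%') {                     /* "%%" -> literal '%' */
            if (o + 1 >= out_len) return -1;
            out[o++] = '%';
            i += 2;                            /* consume both signs */
        } else if (spec == 'd') {              /* "%d" -> scene number */
            char num[16]; int n = 0; unsigned v = scene;
            do { num[n++] = (char)('0' + v % 10); v /= 10; } while (v);
            if (o + (size_t)n >= out_len) return -1;
            while (n) out[o++] = num[--n];
            i += 2;
        } else {
            return -1;                         /* unknown specifier */
        }
    }
    out[o] = '\0';
    return (int)o;
}

/* Check helpers: 1 if tmpl expands to expected / is rejected, else 0. */
int expands_to(const char *tmpl, unsigned scene, const char *expected)
{
    char buf[64];
    int n = expand_filename(tmpl, strlen(tmpl), scene, buf, sizeof buf);
    return n >= 0 && strcmp(buf, expected) == 0;
}
int rejected(const char *tmpl)
{
    char buf[64];
    return expand_filename(tmpl, strlen(tmpl), 1, buf, sizeof buf) == -1;
}
```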
References
- github.com/ImageMagick/ImageMagick
- github.com/ImageMagick/ImageMagick/commit/29d82726c7ec20c07c49ba263bdcea16c2618e03
- github.com/ImageMagick/ImageMagick/security/advisories/GHSA-hm4x-r5hc-794f
- github.com/ImageMagick/ImageMagick6/commit/79b6ed03770781d996d1710b89fbb887e5ea758a
- github.com/advisories/GHSA-hm4x-r5hc-794f
- github.com/dlemstra/Magick.NET/releases/tag/14.7.0
- lists.debian.org/debian-lts-announce/2025/09/msg00012.html
- nvd.nist.gov/vuln/detail/CVE-2025-53014