Multiple ImageMagick Vulnerabilities Lead to Memory Corruption and Integer Overflow Issues

Security researchers have identified four critical vulnerabilities in ImageMagick, a widely used open-source image processing software suite, which could expose millions of users to significant security risks. Discovered by the researcher known as “urban-warrior” and published recently, these vulnerabilities include two high-severity flaws that may enable attackers to execute malicious code via specially crafted image files. The most severe issues are related to ImageMagick’s handling of the MNG (Multiple-image Network Graphics) file format, particularly within the image magnification functionality. ImageMagick developers have promptly released patches to address these vulnerabilities, and both organisations and individual users are strongly advised to update their installations immediately to mitigate potential exploitation.

The first critical flaw, tracked as CVE-2025-55154 (BIGSLEEP-435153105), involves integer overflow vulnerabilities in MNG magnification calculations. This flaw arises when processing maliciously crafted MNG files, leading to unsafe calculations that can overflow and result in memory corruption and potential code execution. The second high-severity vulnerability, CVE-2025-55004 (BIGSLEEP-436829309), specifically targets images with alpha channels, creating heap buffer overflow conditions that could allow attackers to leak memory contents or cause application crashes. These vulnerabilities exploit fundamental weaknesses in ImageMagick’s memory management and input validation systems, making them particularly concerning, especially the alpha channel vulnerability, which can be triggered without violating standard security policies. 

Categories: Vulnerabilities, Memory Corruption, Security Risks 

Tags: Vulnerabilities, ImageMagick, Security, Code Execution, Memory Corruption, MNG, Integer Overflow, Alpha Channel, Buffer Overflow, Patches