CVE-2025-57807

Publication date 5 September 2025

Last updated 19 September 2025

Ubuntu priority

Medium

Why this priority?

Cvss 3 Severity Score

3.8 · Low

Score breakdown

ImageMagick is free and open-source software used for editing and manipulating digital images. ImageMagick versions lower than 14.8.2 include insecure functions: SeekBlob(), which permits advancing the stream offset beyond the current end without increasing capacity, and WriteBlob(), which then expands by quantum + length (amortized) instead of offset + length, and copies to data + offset. When offset ≫ extent, the copy targets memory beyond the allocation, producing a deterministic heap write on 64-bit builds. No 2⁶⁴ arithmetic wrap, external delegates, or policy settings are required. This is fixed in version 14.8.2.

Status

Package Ubuntu Release Status
imagemagick 25.04 plucky
Vulnerable
24.04 LTS noble
Fixed 8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm2
22.04 LTS jammy
Fixed 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5+esm3
20.04 LTS focal
Fixed 8:6.9.10.23+dfsg-2.1ubuntu11.11+esm3
18.04 LTS bionic
Fixed 8:6.9.7.4+dfsg-16ubuntu6.15+esm5
16.04 LTS xenial
Fixed 8:6.8.9.9-7ubuntu5.16+esm13
14.04 LTS trusty
Fixed 8:6.7.7.10-6ubuntu3.13+esm14

Get expanded security coverage with Ubuntu Pro

Reduce your average CVE exposure time from 98 days to 1 day with expanded CVE patching, ten-years security maintenance and optional support for the full stack of open-source applications. Free for personal use.

Get Ubuntu Pro 30-day free trial

Severity score breakdown

Parameter Value
Base score 3.8 · Low
Attack vector Local
Attack complexity High
Privileges required High
User interaction Required
Scope Unchanged
Confidentiality Low
Integrity impact Low
Availability impact Low
Vector CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L