| Reporter | Title | Published | Views | Family All 73 |
|---|---|---|---|---|
| CVE-2025-66628 | 10 Dec 202522:04 | – | alpinelinux | |
| The vulnerability of the ReadTIMImage function in the TIM image analyzer software (PSX TIM), a console-based image editing tool from ImageMagick, allows a hacker to cause a service failure. | 23 Mar 202600:00 | – | bdu_fstec | |
| CVE-2025-66628 vulnerabilities | 21 Apr 202619:17 | – | cgr | |
| CVE-2025-66628 | 6 Jan 202619:07 | – | circl | |
| ImageMagick: Fix of 3 CVEs | 9 Apr 202614:44 | – | cloudlinux | |
| ImageMagick 缓冲区错误漏洞 | 10 Dec 202500:00 | – | cnnvd | |
| CVE-2025-66628 | 10 Dec 202522:04 | – | cve | |
| CVE-2025-66628 ImageMagick is vulnerable to an Integer Overflow in TIM decoder leading to out of bounds read (32-bit only) | 10 Dec 202522:04 | – | cvelist | |
| [SECURITY] [DLA 4429-1] imagemagick security update | 31 Dec 202514:28 | – | debian | |
| CVE-2025-66628 | 10 Dec 202522:04 | – | debiancve |
| Source | Link |
|---|---|
| nessus | www.nessus.org/u |
| cve | www.cve.mitre.org/cgi-bin/cvename.cgi |
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(278315);
script_version("1.4");
script_set_attribute(attribute:"plugin_modification_date", value:"2026/02/25");
script_cve_id("CVE-2025-66628");
script_xref(name:"IAVB", value:"2025-B-0205-S");
script_name(english:"ImageMagick < 7.1.2-10 Integer Overflow (GHSA-6hjr-v6g4-3fm8)");
script_set_attribute(attribute:"synopsis", value:
"The remote Windows host has an application installed that is affected by an integer overflow vulnerability.");
script_set_attribute(attribute:"description", value:
"The remote Windows host has a version of ImageMagick installed that is prior to 7.1.2-10. It is, therefore, affected
by an integer overflow vulnerability.
ImageMagick is a software suite to create, edit, compose, or convert bitmap images. In versions 7.1.2-9 and prior, the
TIM (PSX TIM) image parser contains a critical integer overflow vulnerability in its ReadTIMImage function
(coders/tim.c). The code reads width and height (16-bit values) from the file header and calculates image_size = 2 *
width * height without checking for overflow. On 32-bit systems (or where size_t is 32-bit), this calculation can
overflow if width and height are large (e.g., 65535), wrapping around to a small value. This results in a small heap
allocation via AcquireQuantumMemory and later operations relying on the dimensions can trigger an out of bounds read.
This issue is fixed in version 7.1.2-10.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
# https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-6hjr-v6g4-3fm8
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?ef7b8e74");
script_set_attribute(attribute:"solution", value:
"Upgrade to ImageMagick version 7.1.2-10 or later.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2025-66628");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2025/12/10");
script_set_attribute(attribute:"patch_publication_date", value:"2025/12/07");
script_set_attribute(attribute:"plugin_publication_date", value:"2025/12/11");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:imagemagick:imagemagick");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Windows");
script_copyright(english:"This script is Copyright (C) 2025-2026 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("imagemagick_installed.nasl");
script_require_keys("installed_sw/ImageMagick");
exit(0);
}
include('vcf.inc');
var app_info = vcf::combined_get_app_info(app:'ImageMagick');
var arch = get_kb_item('SMB/ARCH');
# if it's not definitely 32 bit arch, require paranoia to flag in case 32 bit version of ImageMagick is installed
if (arch != 'x86' && report_paranoia < 2)
{
audit(AUDIT_POTENTIAL_VULN, 'ImageMagick');
}
var constraints = [
{ 'fixed_version' : '7.1.2.10', 'fixed_display' : '7.1.2-10'}
];
vcf::check_version_and_report(
app_info:app_info,
constraints:constraints,
severity:SECURITY_HOLE
);
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation