Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Linux Distros Unpatched Vulnerability : CVE-2025-62171

🗓️ 27 Oct 2025 00:00:00Reported by TenableType 
nessus
 nessus🔗 www.tenable.com👁 1 Views

ImageMagick BMP decoder overflow on thirty-two-bit builds (CVE-2025-62171); fixed in 7.1.2-7 and 6.9.13-32.

Related
Refs
Code
ReporterTitlePublishedViews
Family
AlpineLinux		CVE-2025-57803
26 Aug 202517:25
alpinelinux
AlpineLinux		CVE-2025-62171
17 Oct 202516:30
alpinelinux
AstraLinux		 Astra Linux - уязвимость в imagemagick
3 May 202623:59
astralinux
Circl		CVE-2025-57803
26 Aug 202506:17
circl
Circl		CVE-2025-62171
17 Oct 202509:03
circl
CNNVD		ImageMagick 安全漏洞
26 Aug 202500:00
cnnvd
CNNVD		ImageMagick 输入验证错误漏洞
17 Oct 202500:00
cnnvd
CVE		CVE-2025-57803
26 Aug 202517:25
cve
CVE		CVE-2025-62171
17 Oct 202516:30
cve
Cvelist		CVE-2025-57803 ImageMagick (WriteBMPImage): 32-bit integer overflow when writing BMP scanline stride → heap buffer overflow
26 Aug 202517:25
cvelist
Rows per page
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(271682);
  script_version("1.7");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/02/23");

  script_cve_id("CVE-2025-62171");

  script_name(english:"Linux Distros Unpatched Vulnerability : CVE-2025-62171");

  script_set_attribute(attribute:"synopsis", value:
"The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be
patched.");
  script_set_attribute(attribute:"description", value:
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied
patch available.

  - ImageMagick is an open source software suite for displaying, converting, and editing raster image files.
    In ImageMagick versions prior to 7.1.2-7 and 6.9.13-32, an integer overflow vulnerability exists in the
    BMP decoder on 32-bit systems. The vulnerability occurs in coders/bmp.c when calculating the extent value
    by multiplying image columns by bits per pixel. On 32-bit systems with size_t of 4 bytes, a malicious BMP
    file with specific dimensions can cause this multiplication to overflow and wrap to zero. The overflow
    check added to address CVE-2025-57803 is placed after the overflow occurs, making it ineffective. A
    specially crafted 58-byte BMP file with width set to 536,870,912 and 32 bits per pixel can trigger this
    overflow, causing the bytes_per_line calculation to become zero. This vulnerability only affects 32-bit
    builds of ImageMagick where default resource limits for width, height, and area have been manually
    increased beyond their defaults. 64-bit systems with size_t of 8 bytes are not vulnerable, and systems
    using default ImageMagick resource limits are not vulnerable. The vulnerability is fixed in versions
    7.1.2-7 and 6.9.13-32. (CVE-2025-62171)

Note that Nessus relies on the presence of the package as reported by the vendor.");
  script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/CVE-2025-62171");
  script_set_attribute(attribute:"solution", value:
"There is no known solution at this time.");
  script_set_attribute(attribute:"agent", value:"unix");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:U/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:U/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2025-62171");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_set_attribute(attribute:"vendor_unpatched", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2025/10/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/10/27");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:25.04");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:25.10");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:imagemagick");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2025-2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info2.nasl", "set_linux_os_id.nasl");
  script_require_keys("Host/cpu", "Host/local_checks_enabled", "global_settings/vendor_unpatched", "Host/OS/identifier");
  script_require_ports("Host/OS/Ubuntu Linux-25.04", "Host/OS/Ubuntu Linux-25.10");

  exit(0);
}

if (!get_kb_item("global_settings/vendor_unpatched")) exit(0, "Unpatched Vulnerabilities Detection not active.");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (empty_or_null(get_one_kb_item("Host/Debian/dpkg-l"))) audit(AUDIT_PACKAGE_LIST_MISSING);

include('linux_unpatched.inc');

var distro_constraints_array = {
  "Ubuntu Linux-25.04": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "25.04",
        "pkgs": [
          {"reference": "imagemagick"}
        ]
      }
    ]
  },
  "Ubuntu Linux-25.10": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "25.10",
        "pkgs": [
          {"reference": "imagemagick"}
        ]
      }
    ]
  }
};

var distro_constraints_values = linux_unpatched::get_distro_constraints(distro_constraints_arr:distro_constraints_array);
if (empty_or_null(distro_constraints_values)) audit(AUDIT_HOST_NOT, 'affected');
var report = linux_unpatched::check_unpatched_constraints(distro_constraints_values:distro_constraints_values);

if (!empty_or_null(report))
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : report
  );
  exit(0);
}
else
{
  audit(AUDIT_HOST_NOT, 'affected');
}

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
23 Feb 2026 00:00Current
7.2High risk
Vulners AI Score7.2
CVSS 3.17.5 - 8.8
EPSS0.00136
SSVC
ImageMagickBMP decoderthirty two bitcve 2025 62171
1