EUVD-2025-25837

Malicious code in bioql PyPI...

Heap-Based Buffer Overflow

ImageMagick is vulnerable to heap-based buffer overflow. The vulnerability is due to a 32-bit integer overflow in the BMP encoder’s scanline-stride computation, which allows an attacker to overwrite adjacent heap memory with controlled bytes leading to heap corruption...

CVE-2025-57803

ImageMagick is affected by CVE-2025-57803 on 32-bit builds via the BMP decoder (ReadBMP). In coders/bmp.c, the vulnerability arises when computing extent = image->columns × bits_per_pixel, which overflows a 32-bit size_t and collapses bytes_per_line to a small value, causing the per-row writer...

CVE-2025-57803 ImageMagick (WriteBMPImage): 32-bit integer overflow when writing BMP scanline stride → heap buffer overflow

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-28 and 7.1.2-2 for ImageMagick's 32-bit build, a 32-bit integer overflow in the BMP encoder’s scanline-stride computation collapses bytesperline stride to a tiny value while the...

GHSA-MXVV-97WH-CFMM ImageMagick (WriteBMPImage): 32-bit integer overflow when writing BMP scanline stride → heap buffer overflow

Summary A 32-bit integer overflow in the BMP encoder’s scanline-stride computation collapses bytesperline stride to a tiny value while the per-row writer still emits 3 × width bytes for 24-bpp images. The row base pointer advances using the overflowed stride, so the first row immediately writes...