CVE-2025-62594: 
C# 脆弱性の分析と軽減

ImageMagick versions prior to 7.1.2-8 are vulnerable to denial-of-service due to unsigned integer underflow and division-by-zero in the CLAHEImage function. The vulnerability (CVE-2025-62594) was discovered and disclosed on October 27, 2025, affecting the image processing software suite used to create, edit, compose, or convert bitmap images. When tile width or height is zero, unsigned underflow occurs in pointer arithmetic, leading to out-of-bounds memory access, and division-by-zero causes immediate crashes (GitHub Advisory, NVD).

The vulnerability exists in the CLAHEImage() function of ImageMagick's MagickCore/enhance.c. There are two distinct but related unsafe behaviors stemming from the same root cause: 1) An unsigned integer underflow occurs when tileinfo.height is zero, causing the expression tileinfo.height - 1 to wrap to UINTMAX, leading to out-of-bounds pointer arithmetic, and 2) Division-by-zero occurs when either tileinfo.width or tile_info.height is zero during modulus operations. The vulnerability has a CVSS v3.1 base score of 5.5 (MEDIUM) with vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H (NVD, GitHub Advisory).

The primary impact is a Denial-of-Service condition through either immediate process crashes or sustained resource exhaustion. When exploited, the vulnerability can cause significant memory consumption, memory region corruption, and process crashes. The issue can be triggered via CLI using 'clahe 0x0!' or by uploading very small images to services using ImageMagick. While theoretical secondary impacts include potential memory corruption, no reliable code execution has been demonstrated (GitHub Advisory).

The vulnerability has been patched in ImageMagick version 7.1.2-8. The fix includes input validation and bounds checks after computing default tile dimensions, ensuring that tile width and height cannot be zero. The patch also includes proper handling of exact tiles requests and automatic tile derivation (GitHub Advisory, NVD).