CVE-2025-53019: 
ImageMagick vulnerability analysis and mitigation

ImageMagick, a free and open-source software used for editing and manipulating digital images, was found to contain a memory leak vulnerability (CVE-2025-53019) in versions prior to 7.1.2-0 and 6.9.13-26. The vulnerability was discovered in July 2025 and specifically affects the magick stream command when processing multiple consecutive %d format specifiers in a filename template (GitHub Advisory, NVD).

The vulnerability manifests as a memory leak in the ImageMagick's magick stream command when handling filename templates with multiple consecutive %d format specifiers. The issue was identified using AddressSanitizer, which detected a direct leak of 152 bytes and an indirect leak of 64 bytes in the affected components. The vulnerability has been assigned a CVSS v3.1 base score of 3.7 (LOW) with a vector string of CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L, indicating network attack vector with high complexity and potential impact on system availability (GitHub Advisory).

The vulnerability's impact is primarily focused on system availability, with no direct effect on confidentiality or integrity. The memory leak could potentially lead to resource exhaustion over time, affecting system performance and stability (GitHub Advisory).

The vulnerability has been patched in ImageMagick versions 7.1.2-0 and 6.9.13-26. Users are advised to upgrade to these or later versions to address the memory leak issue (GitHub Advisory).