CVE-2025-55005: 
ImageMagick vulnerability analysis and mitigation

CVE-2025-55005 is a heap-buffer overflow vulnerability discovered in ImageMagick versions prior to 7.1.2-1. The vulnerability was identified in the log colorspace handling functionality, specifically when transforming from Log to sRGB colorspaces. The issue was discovered and reported by Google Big Sleep team in August 2025 (ImageMagick Advisory).

The vulnerability occurs in the logmap construction process when handling reference-black or reference-white values larger than 1024. The code fails to properly validate these values, leading to memory corruption beyond the allocated logmap buffer. The issue specifically manifests in the TransformsRGBImage function within the colorspace.c file. The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (Moderate) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H (ImageMagick Advisory).

When exploited, this vulnerability can lead to heap-buffer overflow conditions, potentially resulting in program crashes and denial of service. The CVSS metrics indicate high impact on availability while confidentiality and integrity remain unaffected. The vulnerability requires local access and user interaction to be exploited (ImageMagick Advisory).

The vulnerability has been patched in ImageMagick version 7.1.2-1. Users are advised to upgrade to this version or later. For those unable to upgrade immediately, implementing a security policy that blocks the MIFF file format can help mitigate the risk. The websafe policy is noted to provide protection against this specific attack vector (ImageMagick Advisory).