CVE-2025-55160: 
ImageMagick vulnerability analysis and mitigation

ImageMagick, a free and open-source software used for editing and manipulating digital images, was found to contain a vulnerability (CVE-2025-55160) related to undefined behavior in splay tree cloning callback. The issue was discovered in versions prior to 6.9.13-27 and 7.1.2-1, and was disclosed on August 13, 2025 (GitHub Advisory).

The vulnerability stems from a function-type-mismatch in the splay tree cloning callback. The splay tree clone callback expects a function pointer of type void ()(void ), while ConstantString has a different signature (char ConstantString(const char *)). This mismatch occurs during the coalescing process through the path: CloneImage → CloneImageProfiles → CloneSplayTree. The issue is triggered when parsing minimal 2-byte input via MagickWand followed by coalescing. The CVSS v3.1 score is 6.1 (Medium) with the vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L (GitHub Advisory).

The vulnerability results in a deterministic abort under UBSan (DoS in sanitizer builds). However, in non-sanitized builds, there is no crash, suggesting a likely low security impact. The CVSS scoring indicates no impact on confidentiality, high impact on integrity, and low impact on availability (GitHub Advisory).

The vulnerability has been patched in ImageMagick versions 6.9.13-27 and 7.1.2-1. The suggested fix involves using a wrapper that matches the expected callback prototype or adjusting the splay-tree callback typedef for const-correctness (GitHub Advisory).