CVE-2025-55212: 
C# vulnerability analysis and mitigation

ImageMagick, a free and open-source software used for editing and manipulating digital images, was found to contain a divide-by-zero vulnerability (CVE-2025-55212) prior to versions 6.9.13-28 and 7.1.2-2. The vulnerability was discovered and disclosed on August 26, 2025, affecting all versions of ImageMagick before the patched releases (GitHub Advisory).

The vulnerability occurs when passing a geometry string containing only a colon (":") to montage -geometry command. This input leads GetGeometry() to set width/height to 0, which later causes ThumbnailImage() to perform a division by these zero dimensions. The issue is tracked as CWE-369 (Divide By Zero) and has received varying CVSS scores: NVD rates it as HIGH (7.5) with vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, while GitHub rates it as LOW (3.7) with vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L (NVD, GitHub Advisory).

When exploited, the vulnerability results in a denial of service condition through an immediate abnormal termination of the ImageMagick process. The crash manifests as either a SIGFPE signal or an abort, depending on the environment. The vulnerability can be triggered without requiring external input files, making it particularly concerning (GitHub Advisory).

The vulnerability has been patched in ImageMagick versions 6.9.13-28 and 7.1.2-2. The fix includes defensive rejection of zero dimensions early in ThumbnailImage() and improved validation in GetGeometry(). Users are advised to upgrade to these patched versions to mitigate the vulnerability (GitHub Advisory, Magick.NET).