CVE-2025-55212: ImageMagick DOS Vulnerability

CVE-2025-55212 Overview

CVE-2025-55212 is a Division by Zero vulnerability in ImageMagick, the widely-used open-source image processing software. The vulnerability exists in the geometry parsing functionality where passing a malformed geometry string containing only a colon (":") to the montage -geometry command causes GetGeometry() to set width and height values to zero. Subsequently, when ThumbnailImage() attempts to process these dimensions, it performs a division by zero, triggering a SIGFPE signal or abort that crashes the application.

This vulnerability allows remote attackers to cause a denial of service condition against any system processing user-supplied geometry strings through ImageMagick's montage utility.

Critical Impact
Remote attackers can crash ImageMagick-based applications by supplying a specially crafted geometry string, causing denial of service for image processing services.

Affected Products

ImageMagick versions prior to 6.9.13-28
ImageMagick versions prior to 7.1.2-2
Magick.NET versions prior to 14.8.1

Discovery Timeline

August 26, 2025 - CVE-2025-55212 published to NVD
November 3, 2025 - Last updated in NVD database

Technical Details for CVE-2025-55212

Vulnerability Analysis

This vulnerability represents a classic division by zero condition (CWE-369) that occurs due to insufficient input validation in ImageMagick's geometry parsing code. The flaw is triggered when the GetGeometry() function in MagickCore/geometry.c processes a geometry string that contains only a colon character. Under these conditions, the function sets both width and height parameters to zero without proper validation.

The vulnerable code path continues into ThumbnailImage() in MagickCore/resize.c, where these zero-valued dimensions are used in arithmetic operations. When a division operation encounters these zero values, the CPU raises a floating-point exception (SIGFPE), causing the process to terminate abruptly. This attack can be triggered remotely through any application that passes user-controlled input to ImageMagick's geometry processing functions.

Root Cause

The root cause lies in the GetGeometry() function's failure to validate that parsed width and height values are non-zero before returning them to the caller. When a geometry string like ":" is provided, the parsing logic results in zero dimensions being set. The ThumbnailImage() function then uses these values in division operations without checking for zero, leading to the crash.

The vulnerability specifically manifests when the montage command's -geometry option receives malformed input, as this code path does not include the necessary bounds checking to prevent zero-dimension processing.

Attack Vector

The attack vector is network-accessible, requiring no privileges or user interaction. An attacker can exploit this vulnerability by:

Identifying an application or web service that uses ImageMagick to process images
Submitting a request with the malformed geometry string ":" to the vulnerable endpoint
The application crashes when ImageMagick attempts to process the geometry parameter

The following patch removes the vulnerable zero-dimension check from ThumbnailImage():

   assert(exception->signature == MagickCoreSignature);
   if (IsEventLogging() != MagickFalse)
     (void) LogMagickEvent(TraceEvent,GetMagickModule(),"%s",image->filename);
-  if ((columns == 0) || (rows == 0))
-    ThrowImageException(ImageError,"NegativeOrZeroImageSize");
   thumbnail_image=CloneImage(image,0,0,MagickTrue,exception);
   if (thumbnail_image == (Image *) NULL)
     return(thumbnail_image);

Source: ImageMagick Commit Note

Detection Methods for CVE-2025-55212

Indicators of Compromise

Application crashes with SIGFPE or floating-point exception signals in ImageMagick processes
Log entries showing geometry parsing errors with malformed input strings containing only colons
Unusual termination of image processing services without error recovery
Core dumps from ImageMagick montage operations

Detection Strategies

Monitor for SIGFPE signals in processes running ImageMagick binaries
Implement input validation rules to detect geometry strings matching the pattern "^:$" or similar malformed inputs
Deploy application-level logging to capture geometry parameter values before processing
Use process monitoring to detect repeated crashes of ImageMagick-related services

Monitoring Recommendations

Configure system crash handlers to alert on SIGFPE signals from ImageMagick processes
Implement rate limiting on image processing endpoints to mitigate DoS impact
Enable verbose logging for ImageMagick operations to capture attack attempts
Monitor for patterns of failed image processing requests that may indicate exploitation attempts

How to Mitigate CVE-2025-55212

Immediate Actions Required

Upgrade ImageMagick to version 6.9.13-28 or later for the 6.x branch
Upgrade ImageMagick to version 7.1.2-2 or later for the 7.x branch
For Magick.NET users, upgrade to version 14.8.1 or later
Implement input validation to reject malformed geometry strings before passing to ImageMagick

Patch Information

ImageMagick has released patched versions that address this vulnerability. The fix was implemented in commit 5f0bcf986b8b5e90567750d31a37af502b73f2af. Users should update to the following versions:

ImageMagick 6.x: Upgrade to 6.9.13-28 or later
ImageMagick 7.x: Upgrade to 7.1.2-2 or later

Debian users should refer to the Debian LTS Announcement for distribution-specific updates.

For additional technical details, see the GitHub Security Advisory.

Workarounds

Validate all geometry input strings before passing to ImageMagick, rejecting any input that does not match expected numeric patterns
Implement application-level input sanitization to filter out malformed geometry strings
Use process isolation or containerization to limit the impact of crashes on the broader system
Consider using ImageMagick's policy.xml to restrict potentially dangerous operations

bash

# Configuration example
# Add input validation in shell scripts before calling ImageMagick
validate_geometry() {
    if [[ "$1" =~ ^[0-9]+x[0-9]+ ]]; then
        return 0
    else
        echo "Invalid geometry string rejected"
        return 1
    fi
}

# Usage: validate_geometry "$user_input" && montage -geometry "$user_input" ...

CVE-2025-55212 Overview

This vulnerability allows remote attackers to cause a denial of service condition against any system processing user-supplied geometry strings through ImageMagick's montage utility.

Critical Impact
Remote attackers can crash ImageMagick-based applications by supplying a specially crafted geometry string, causing denial of service for image processing services.

Affected Products

ImageMagick versions prior to 6.9.13-28
ImageMagick versions prior to 7.1.2-2
Magick.NET versions prior to 14.8.1

Discovery Timeline

August 26, 2025 - CVE-2025-55212 published to NVD
November 3, 2025 - Last updated in NVD database

Technical Details for CVE-2025-55212

Vulnerability Analysis

Root Cause

Attack Vector

The attack vector is network-accessible, requiring no privileges or user interaction. An attacker can exploit this vulnerability by:

Identifying an application or web service that uses ImageMagick to process images
Submitting a request with the malformed geometry string ":" to the vulnerable endpoint
The application crashes when ImageMagick attempts to process the geometry parameter

The following patch removes the vulnerable zero-dimension check from ThumbnailImage():

   assert(exception->signature == MagickCoreSignature);
   if (IsEventLogging() != MagickFalse)
     (void) LogMagickEvent(TraceEvent,GetMagickModule(),"%s",image->filename);
-  if ((columns == 0) || (rows == 0))
-    ThrowImageException(ImageError,"NegativeOrZeroImageSize");
   thumbnail_image=CloneImage(image,0,0,MagickTrue,exception);
   if (thumbnail_image == (Image *) NULL)
     return(thumbnail_image);

Source: ImageMagick Commit Note

Detection Methods for CVE-2025-55212

Indicators of Compromise

Application crashes with SIGFPE or floating-point exception signals in ImageMagick processes
Log entries showing geometry parsing errors with malformed input strings containing only colons
Unusual termination of image processing services without error recovery
Core dumps from ImageMagick montage operations

Detection Strategies

Monitor for SIGFPE signals in processes running ImageMagick binaries
Implement input validation rules to detect geometry strings matching the pattern "^:$" or similar malformed inputs
Deploy application-level logging to capture geometry parameter values before processing
Use process monitoring to detect repeated crashes of ImageMagick-related services

Monitoring Recommendations

Configure system crash handlers to alert on SIGFPE signals from ImageMagick processes
Implement rate limiting on image processing endpoints to mitigate DoS impact
Enable verbose logging for ImageMagick operations to capture attack attempts
Monitor for patterns of failed image processing requests that may indicate exploitation attempts

How to Mitigate CVE-2025-55212

Immediate Actions Required

Upgrade ImageMagick to version 6.9.13-28 or later for the 6.x branch
Upgrade ImageMagick to version 7.1.2-2 or later for the 7.x branch
For Magick.NET users, upgrade to version 14.8.1 or later
Implement input validation to reject malformed geometry strings before passing to ImageMagick

Patch Information

ImageMagick has released patched versions that address this vulnerability. The fix was implemented in commit 5f0bcf986b8b5e90567750d31a37af502b73f2af. Users should update to the following versions:

ImageMagick 6.x: Upgrade to 6.9.13-28 or later
ImageMagick 7.x: Upgrade to 7.1.2-2 or later

Debian users should refer to the Debian LTS Announcement for distribution-specific updates.

For additional technical details, see the GitHub Security Advisory.

Workarounds

Validate all geometry input strings before passing to ImageMagick, rejecting any input that does not match expected numeric patterns
Implement application-level input sanitization to filter out malformed geometry strings
Use process isolation or containerization to limit the impact of crashes on the broader system
Consider using ImageMagick's policy.xml to restrict potentially dangerous operations

bash

# Configuration example
# Add input validation in shell scripts before calling ImageMagick
validate_geometry() {
    if [[ "$1" =~ ^[0-9]+x[0-9]+ ]]; then
        return 0
    else
        echo "Invalid geometry string rejected"
        return 1
    fi
}

# Usage: validate_geometry "$user_input" && montage -geometry "$user_input" ...

CVE-2025-55212: ImageMagick DOS Vulnerability

CVE-2025-55212 Overview

Critical Impact

Affected Products

Discovery Timeline

Technical Details for CVE-2025-55212

Vulnerability Analysis

Root Cause

Attack Vector

Detection Methods for CVE-2025-55212

Indicators of Compromise

Detection Strategies

Monitoring Recommendations

How to Mitigate CVE-2025-55212

Immediate Actions Required

Patch Information

Workarounds

Experience the World’s Most Advanced Cybersecurity Platform

CVE-2025-55212: ImageMagick DOS Vulnerability

CVE-2025-55212 Overview

Critical Impact

Affected Products

Discovery Timeline

Technical Details for CVE-2025-55212

Vulnerability Analysis

Root Cause

Attack Vector

Detection Methods for CVE-2025-55212

Indicators of Compromise

Detection Strategies

Monitoring Recommendations

How to Mitigate CVE-2025-55212

Immediate Actions Required

Patch Information

Workarounds

Experience the World’s Most Advanced Cybersecurity Platform