Description

ImageMagick is a software suite to create, edit, compose, or convert bitmap images. In versions 7.1.2-9 and prior, the TIM (PSX TIM) image parser contains a critical integer overflow vulnerability in its ReadTIMImage function (coders/tim.c). The code reads width and height (16-bit values) from the file header and calculates image_size = 2 * width * height without checking for overflow. On 32-bit systems (or where size_t is 32-bit), this calculation can overflow if width and height are large (e.g., 65535), wrapping around to a small value. This results in a small heap allocation via AcquireQuantumMemory and later operations relying on the dimensions can trigger an out of bounds read. This issue is fixed in version 7.1.2-10.

INFO

Published Date :

2025-12-10T22:04:49.639Z

Last Modified :

2025-12-11T15:38:56.050Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-66628 vulnerability.

Vendors Products
Imagemagick
  • Imagemagick
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-66628.

URL Resource
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-6hjr-v6g4-3fm8 cve-icon cve-icon cve-icon
https://github.com/dlemstra/Magick.NET/commit/2dfa08e15cfd11016a79615994787b14f9048b1c cve-icon cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-66628 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-66628 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact