{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-06T19:21:28.005","vulnerabilities":[{"cve":{"id":"CVE-2025-55298","sourceIdentifier":"security-advisories@github.com","published":"2025-08-26T18:15:47.583","lastModified":"2025-11-03T19:16:12.337","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to ImageMagick versions 6.9.13-28 and 7.1.2-2, a format string bug vulnerability exists in InterpretImageFilename function where user input is directly passed to FormatLocaleString without proper sanitization. An attacker can overwrite arbitrary memory regions, enabling a wide range of attacks from heap overflow to remote code execution. This issue has been patched in versions 6.9.13-28 and 7.1.2-2."},{"lang":"es","value":"ImageMagick es un software gratuito y de código abierto que se utiliza para editar y manipular imágenes digitales. Antes de las versiones 6.9.13-28 y 7.1.2-2 de ImageMagick, existía una vulnerabilidad de error de formato de cadena en la función InterpretImageFilename, donde la entrada del usuario se pasaba directamente a FormatLocaleString sin la debida depuración. Un atacante podía sobrescribir regiones de memoria arbitrarias, lo que permitía una amplia gama de ataques, desde el desbordamiento de pila hasta la ejecución remota de código. Este problema se ha corregido en las versiones 6.9.13-28 y 7.1.2-2."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-123"},{"lang":"en","value":"CWE-134"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*","versionEndExcluding":"6.9.13-28","matchCriteriaId":"B123C6EB-CD31-49C5-96C3-41A560B87CD5"},{"vulnerable":true,"criteria":"cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.0-0","versionEndExcluding":"7.1.2-2","matchCriteriaId":"84949254-D128-4390-9EBB-74CE243F85BB"}]}]}],"references":[{"url":"https://github.com/ImageMagick/ImageMagick/commit/439b362b93c074eea6c3f834d84982b43ef057d5","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-9ccg-6pjw-x645","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/dlemstra/Magick.NET/releases/tag/14.8.1","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://lists.debian.org/debian-lts-announce/2025/09/msg00012.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-9ccg-6pjw-x645","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Vendor Advisory"]}]}}]}