Write-what-where Condition
CVE-2025-55298
Summary
ImageMagick is free and open-source software used for editing and manipulating digital images. Affected versions of ImageMagick are CPP package versions prior to 6.9.13-28 and 7.1.2-2, as well as NuGet package versions prior to 14.8.1. A format string vulnerability exists in the "InterpretImageFilename()" function, where user input is passed directly to "FormatLocaleString" as the format string without proper sanitization. Because the attacker controls the format string, they can overwrite arbitrary memory regions, enabling a wide range of attacks from heap overflow to remote code execution.
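The bug class described above, as an added example that is not ImageMagick's code: a simplified filename-template expander in which the vulnerable flow copies the '%…' run out of the user-supplied name and hands it to snprintf (standing in for FormatLocaleString) as the format, beside a hardened flow that allowlists the scene-number specifiers and copies any other '%' sequence through literally. All function names, the SPEC_MAX bound and the sample templates are assumptions made for this illustration; the hardened check is one reasonable fix, not a description of the upstream patch.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Illustration of the CVE-2025-55298 bug class (not ImageMagick's code).
 * A template such as "frame-%03d.png" has its scene-number specifier
 * expanded; snprintf stands in for FormatLocaleString.
 * SPEC_MAX and every function name below are assumptions for this example. */
#define SPEC_MAX 16   /* longest '%' sequence we will copy into a format buffer */

/* Vulnerable extraction: copy everything from '%' through the first letter
 * and return it for use as the *format*.  "frame-%s.png" yields "%s" and
 * "frame-%n.png" yields "%n", so the int argument is then read as a pointer:
 * an arbitrary read or a write-what-where primitive.  Returns the copied
 * length, or 0 when no conversion letter fits. */
size_t extract_spec_unsafe(const char *p, char *spec, size_t specsize)
{
    size_t i = 1;                                  /* p[0] == '%' */
    while (p[i] != '\0' && !isalpha((unsigned char)p[i]) && i + 1 < specsize)
        i++;
    if (!isalpha((unsigned char)p[i]) || i + 1 >= specsize)
        return 0;
    memcpy(spec, p, i + 1);
    spec[i + 1] = '\0';
    return i + 1;
}

/* Hardened extraction: accept only "%[0-9]*[dox]", so the format handed to
 * snprintf can never carry %s, %n, or a second conversion. */
size_t extract_spec_safe(const char *p, char *spec, size_t specsize)
{
    size_t i = 1;
    while (isdigit((unsigned char)p[i]) && i + 1 < specsize)
        i++;
    if ((p[i] != 'd' && p[i] != 'o' && p[i] != 'x') || i + 1 >= specsize)
        return 0;
    memcpy(spec, p, i + 1);
    spec[i + 1] = '\0';
    return i + 1;
}

/* Expand tmpl into out.  safe=false reproduces the vulnerable flow
 * (attacker-controlled format); safe=true interprets only validated
 * specifiers and copies any other '%' sequence through literally.
 * Returns 0 on success, -1 if the result does not fit in outsize. */
int expand_filename(const char *tmpl, int scene, bool safe, char *out, size_t outsize)
{
    size_t o = 0;
    char spec[SPEC_MAX];

    while (*tmpl != '\0') {
        if (*tmpl == '%') {
            size_t len = safe ? extract_spec_safe(tmpl, spec, sizeof spec)
                              : extract_spec_unsafe(tmpl, spec, sizeof spec);
            if (len != 0) {
                /* On the unsafe path this format string comes from user data. */
                int n = snprintf(out + o, outsize - o, spec, scene);
                if (n < 0 || (size_t)n >= outsize - o)
                    return -1;
                o += (size_t)n;
                tmpl += len;
                continue;
            }
        }
        if (o + 1 >= outsize)
            return -1;
        out[o++] = *tmpl++;
    }
    out[o] = '\0';
    return 0;
}

/* Check helpers: does expanding tmpl give `expected`, and which format
 * would the unsafe path hand to snprintf for the first '%' ("" if none)? */
int expands_to(const char *tmpl, int scene, bool safe, const char *expected)
{
    char out[64];
    return expand_filename(tmpl, scene, safe, out, sizeof out) == 0
        && strcmp(out, expected) == 0;
}

int unsafe_format_is(const char *tmpl, const char *expected)
{
    char spec[SPEC_MAX] = "";
    const char *p = strchr(tmpl, '%');
    if (p != NULL)
        extract_spec_unsafe(p, spec, sizeof spec);
    return strcmp(spec, expected) == 0;
}

int main(void)
{
    char out[64], spec[SPEC_MAX] = "";
    /* Constructed sample templates; the second is the attacker's. */
    expand_filename("frame-%03d.png", 7, true, out, sizeof out);
    printf("safe expansion: %s\n", out);
    extract_spec_unsafe(strchr("frame-%n.png", '%'), spec, sizeof spec);
    printf("unsafe path would use \"%s\" as the format (not executed here)\n", spec);
    return 0;
}
```

The unsafe path is deliberately never invoked with a hostile template: with "%n" the int scene argument would be dereferenced as a pointer, which is exactly the write-what-where condition this advisory classifies. The hardened path shows the practical fix for this class: never let bytes from the input reach the format parameter unless they match a fixed allowlist of conversions, and treat everything else as literal text.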
- LOW
- NETWORK
- HIGH
- UNCHANGED
- NONE
- LOW
- HIGH
- HIGH
CWE-123 - Write-what-where Condition
Any condition where the attacker has the ability to write an arbitrary value to an arbitrary location, often as the result of a buffer overflow.
Advisory Timeline
- Published