| Name | CVE-2025-65955 |
| Description | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-9 and 6.9.13-34, there is a vulnerability in ImageMagick’s Magick++ layer that manifests when Options::fontFamily is invoked with an empty string. Clearing a font family calls RelinquishMagickMemory on _drawInfo->font, freeing the font string but leaving _drawInfo->font pointing to freed memory while _drawInfo->family is set to that (now-invalid) pointer. Any later cleanup or reuse of _drawInfo->font re-frees or dereferences dangling memory. DestroyDrawInfo and other setters (Options::font, Image::font) assume _drawInfo->font remains valid, so destruction or subsequent updates trigger crashes or heap corruption. This vulnerability is fixed in 7.1.2-9 and 6.9.13-34. |
| Source | CVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
| References | DLA-4429-1 |
| Debian Bugs | 1122827 |
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|---|---|---|
| imagemagick (PTS) | bullseye | 8:6.9.11.60+dfsg-1.3+deb11u4 | vulnerable |
| bullseye (security) | 8:6.9.11.60+dfsg-1.3+deb11u8 | fixed | |
| bookworm | 8:6.9.11.60+dfsg-1.6+deb12u3 | vulnerable | |
| bookworm (security) | 8:6.9.11.60+dfsg-1.6+deb12u4 | vulnerable | |
| trixie | 8:7.1.1.43+dfsg1-1+deb13u3 | vulnerable | |
| trixie (security) | 8:7.1.1.43+dfsg1-1+deb13u2 | vulnerable | |
| forky | 8:7.1.2.8+dfsg1-1 | vulnerable | |
| sid | 8:7.1.2.12+dfsg1-1 | fixed |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| imagemagick | source | bullseye | 8:6.9.11.60+dfsg-1.3+deb11u8 | DLA-4429-1 | ||
| imagemagick | source | (unstable) | 8:7.1.2.12+dfsg1-1 | 1122827 |
[trixie] - imagemagick <no-dsa> (Minor issue)
[bookworm] - imagemagick <no-dsa> (Minor issue)
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-q3hc-j9x5-mp9m
Introduced with: https://github.com/ImageMagick/ImageMagick/commit/6409f34d637a34a1c643632aa849371ec8b3b5a8 (7.0.1-0)
Introduced with: https://github.com/ImageMagick/ImageMagick6/commit/389ba19fa12920416a02f05abf11e40f3d44b4da (6.9.4-0)
Fixed by: https://github.com/ImageMagick/ImageMagick/commit/6f81eb15f822ad86e8255be75efad6f9762c32f8 (7.1.2-9)
Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/7d4c27fd4cb2a716a9c1d3346a5e79a692cfe6d8 (6.9.13-34)