Memory Corruption in ImageMagick's Magick++ Layer Affecting Open Source Software
CVE-2025-65955
4.9MEDIUM
What is CVE-2025-65955?
A vulnerability exists in the Magick++ layer of ImageMagick when Options::fontFamily is called with an empty string. This improper handling leads to memory corruption, as the cleanup process of the font family attempts to access a freed memory pointer. Subsequent operations on this dangling pointer can cause crashes or lead to heap corruption in the application. Fixes have been introduced in versions 7.1.2-9 and 6.9.13-34 to prevent this issue.
Affected Version(s)
ImageMagick >= 7.0.1-0, < 7.1.2-9 < 7.0.1-0, 7.1.2-9
ImageMagick < 6.9.13-34 < 6.9.13-34
References
CVSS V3.1
Score:
4.9
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved