CVE-2025-65955

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-65955
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-65955.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-65955
Published
2025-12-02T23:15:45.603Z
Modified
2025-12-06T13:51:12.953746Z
Severity
  • 4.9 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Details

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-9 and 6.9.13-34, there is a vulnerability in ImageMagick’s Magick++ layer that manifests when Options::fontFamily is invoked with an empty string. Clearing a font family calls RelinquishMagickMemory on _drawInfo->font, freeing the font string but leaving _drawInfo->font pointing to freed memory while _drawInfo->family is set to that (now-invalid) pointer. Any later cleanup or reuse of _drawInfo->font re-frees or dereferences dangling memory. DestroyDrawInfo and other setters (Options::font, Image::font) assume _drawInfo->font remains valid, so destruction or subsequent updates trigger crashes or heap corruption. This vulnerability is fixed in 7.1.2-9 and 6.9.13-34.

Database specific
{
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/65xxx/CVE-2025-65955.json",
    "cwe_ids": [
        "CWE-415",
        "CWE-416"
    ]
}

Affected packages

Git / github.com/imagemagick/imagemagick

Affected ranges

Type
GIT
Repo
https://github.com/imagemagick/imagemagick
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed

Database specific

vanir_signatures

[
    {
        "id": "CVE-2025-65955-0d1ae814",
        "source": "https://github.com/imagemagick/imagemagick/commit/6409f34d637a34a1c643632aa849371ec8b3b5a8",
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "190481630504674235377941817915215661061",
                "43599292016995932995905311447961076755",
                "90053385351275835004026485915755642334",
                "28571416119094355070783996500128087243"
            ]
        },
        "target": {
            "file": "MagickWand/mogrify.c"
        },
        "deprecated": false,
        "signature_type": "Line"
    },
    {
        "id": "CVE-2025-65955-0ff505c9",
        "source": "https://github.com/imagemagick/imagemagick/commit/6409f34d637a34a1c643632aa849371ec8b3b5a8",
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "90225864509631457081905037777006003333",
                "294072310811700088047597965393073734983",
                "59289005089632199450500124492108195183"
            ]
        },
        "target": {
            "file": "Magick++/lib/Image.cpp"
        },
        "deprecated": false,
        "signature_type": "Line"
    },
    {
        "id": "CVE-2025-65955-391d10c9",
        "source": "https://github.com/imagemagick/imagemagick/commit/6409f34d637a34a1c643632aa849371ec8b3b5a8",
        "signature_version": "v1",
        "digest": {
            "length": 21990.0,
            "function_hash": "212212465426472466726167002992835247456"
        },
        "target": {
            "file": "MagickWand/mogrify.c",
            "function": "MogrifyImageInfo"
        },
        "deprecated": false,
        "signature_type": "Function"
    },
    {
        "id": "CVE-2025-65955-3a10de04",
        "source": "https://github.com/imagemagick/imagemagick/commit/6409f34d637a34a1c643632aa849371ec8b3b5a8",
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "37342179605124680902401738289266283587",
                "47997997723597720245939242920126965858",
                "124913685409147088353134674310504897733",
                "70312978894727939740191532771355455028"
            ]
        },
        "target": {
            "file": "MagickCore/draw.c"
        },
        "deprecated": false,
        "signature_type": "Line"
    },
    {
        "id": "CVE-2025-65955-6bc103dc",
        "source": "https://github.com/imagemagick/imagemagick/commit/6f81eb15f822ad86e8255be75efad6f9762c32f8",
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "72432470263635887114496177689452338123",
                "197041434945087605973817451982168963770",
                "117720230687322663635504847411889752494",
                "60230879242306243520302367922157632486"
            ]
        },
        "target": {
            "file": "Magick++/lib/Options.cpp"
        },
        "deprecated": false,
        "signature_type": "Line"
    },
    {
        "id": "CVE-2025-65955-b348bcb5",
        "source": "https://github.com/imagemagick/imagemagick/commit/6409f34d637a34a1c643632aa849371ec8b3b5a8",
        "signature_version": "v1",
        "digest": {
            "length": 3366.0,
            "function_hash": "106265010585496985434694031334024915376"
        },
        "target": {
            "file": "MagickCore/draw.c",
            "function": "GetDrawInfo"
        },
        "deprecated": false,
        "signature_type": "Function"
    },
    {
        "id": "CVE-2025-65955-ba53d4a8",
        "source": "https://github.com/imagemagick/imagemagick/commit/6409f34d637a34a1c643632aa849371ec8b3b5a8",
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "322054083635948453416300779418841408551",
                "273952746082768830393752109147054165765",
                "137840809942740176678677164495861853552"
            ]
        },
        "target": {
            "file": "Magick++/lib/Magick++/Image.h"
        },
        "deprecated": false,
        "signature_type": "Line"
    },
    {
        "id": "CVE-2025-65955-bca84aff",
        "source": "https://github.com/imagemagick/imagemagick/commit/6409f34d637a34a1c643632aa849371ec8b3b5a8",
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "162272539969577556621940690850093434871",
                "152914210971778292371710229425749338293",
                "158810812580211878811074774350937395740"
            ]
        },
        "target": {
            "file": "Magick++/lib/Options.cpp"
        },
        "deprecated": false,
        "signature_type": "Line"
    },
    {
        "id": "CVE-2025-65955-de4ff2ff",
        "source": "https://github.com/imagemagick/imagemagick/commit/6409f34d637a34a1c643632aa849371ec8b3b5a8",
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "71933277940106397954067346869831400309",
                "299085479059047341930295436586762427954",
                "339843267778265026840747496163444535879"
            ]
        },
        "target": {
            "file": "Magick++/lib/Magick++/Options.h"
        },
        "deprecated": false,
        "signature_type": "Line"
    },
    {
        "id": "CVE-2025-65955-fc9471c3",
        "source": "https://github.com/imagemagick/imagemagick/commit/6f81eb15f822ad86e8255be75efad6f9762c32f8",
        "signature_version": "v1",
        "digest": {
            "length": 355.0,
            "function_hash": "167484139931766564707917583714750802165"
        },
        "target": {
            "file": "Magick++/lib/Options.cpp",
            "function": "Magick::Options::fontFamily"
        },
        "deprecated": false,
        "signature_type": "Function"
    }
]