CVE-2025-68618

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-68618
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-68618.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-68618
Aliases
Downstream
Related
Published
2025-12-30T16:14:24.235Z
Modified
2026-04-24T18:10:01.801488Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVSS Calculator
Summary
Magick's failure to limit the depth of SVG file reads caused a DoS attack.
Details

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-12, using Magick to read a malicious SVG file resulted in a DoS attack. Version 7.1.2-12 fixes the issue.

Database specific 
{
    "cwe_ids": [
        "CWE-674"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/68xxx/CVE-2025-68618.json",
    "cna_assigner": "GitHub_M"
}
References

Affected packages

Git / github.com/imagemagick/imagemagick

Affected ranges

Type
GIT
Repo
https://github.com/imagemagick/imagemagick
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
bdd4fa561d7bf4c6afd40ee9c89e9f9e82b6e88b
Fixed
6f431d445f3ddd609c004a1dde617b0a73e60beb
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "7.1.2-12"
        }
    ]
}

Affected versions

7.*
7.0.1-0
7.0.1-1
7.0.1-10
7.0.1-2
7.0.1-3
7.0.1-4
7.0.1-5
7.0.1-6
7.0.1-7
7.0.1-8
7.0.1-9
7.0.10-0
7.0.10-1
7.0.10-10
7.0.10-11
7.0.10-12
7.0.10-13
7.0.10-14
7.0.10-15
7.0.10-16
7.0.10-17
7.0.10-18
7.0.10-19
7.0.10-2
7.0.10-20
7.0.10-21
7.0.10-22
7.0.10-23
7.0.10-24
7.0.10-25
7.0.10-26
7.0.10-27
7.0.10-28
7.0.10-29
7.0.10-3
7.0.10-30
7.0.10-31
7.0.10-32
7.0.10-33
7.0.10-34
7.0.10-35
7.0.10-36
7.0.10-37
7.0.10-38
7.0.10-39
7.0.10-4
7.0.10-40
7.0.10-41
7.0.10-42
7.0.10-43
7.0.10-44
7.0.10-45
7.0.10-46
7.0.10-47
7.0.10-48
7.0.10-49
7.0.10-5
7.0.10-50
7.0.10-51
7.0.10-52
7.0.10-53
7.0.10-54
7.0.10-55
7.0.10-56
7.0.10-57
7.0.10-58
7.0.10-59
7.0.10-6
7.0.10-60
7.0.10-61
7.0.10-62
7.0.10-7
7.0.10-8
7.0.10-9
7.0.11-0
7.0.11-1
7.0.11-10
7.0.11-11
7.0.11-12
7.0.11-13
7.0.11-14
7.0.11-2
7.0.11-3
7.0.11-4
7.0.11-5
7.0.11-6
7.0.11-7
7.0.11-8
7.0.11-9
7.0.2-0
7.0.2-1
7.0.2-10
7.0.2-2
7.0.2-3
7.0.2-4
7.0.2-5
7.0.2-6
7.0.2-7
7.0.2-8
7.0.2-9
7.0.3-0
7.0.3-1
7.0.3-10
7.0.3-2
7.0.3-3
7.0.3-4
7.0.3-5
7.0.3-6
7.0.3-7
7.0.3-8
7.0.3-9
7.0.4-0
7.0.4-1
7.0.4-10
7.0.4-2
7.0.4-3
7.0.4-4
7.0.4-5
7.0.4-6
7.0.4-7
7.0.4-8
7.0.4-9
7.0.5-0
7.0.5-1
7.0.5-10
7.0.5-2
7.0.5-3
7.0.5-4
7.0.5-5
7.0.5-6
7.0.5-7
7.0.5-8
7.0.5-9
7.0.6-0
7.0.6-1
7.0.6-2
7.0.6-3
7.0.6-4
7.0.6-5
7.0.6-6
7.0.6-7
7.0.6-8
7.0.6-9
7.0.7-0
7.0.7-1
7.0.7-10
7.0.7-11
7.0.7-12
7.0.7-13
7.0.7-14
7.0.7-15
7.0.7-16
7.0.7-17
7.0.7-18
7.0.7-19
7.0.7-2
7.0.7-20
7.0.7-21
7.0.7-22
7.0.7-23
7.0.7-24
7.0.7-25
7.0.7-26
7.0.7-27
7.0.7-28
7.0.7-29
7.0.7-3
7.0.7-30
7.0.7-31
7.0.7-32
7.0.7-33
7.0.7-34
7.0.7-35
7.0.7-36
7.0.7-37
7.0.7-38
7.0.7-39
7.0.7-4
7.0.7-5
7.0.7-6
7.0.7-8
7.0.7-9
7.0.7.7
7.0.8-0
7.0.8-1
7.0.8-10
7.0.8-11
7.0.8-12
7.0.8-13
7.0.8-14
7.0.8-15
7.0.8-16
7.0.8-17
7.0.8-18
7.0.8-19
7.0.8-2
7.0.8-20
7.0.8-21
7.0.8-22
7.0.8-23
7.0.8-24
7.0.8-25
7.0.8-26
7.0.8-27
7.0.8-28
7.0.8-29
7.0.8-3
7.0.8-30
7.0.8-31
7.0.8-32
7.0.8-33
7.0.8-34
7.0.8-35
7.0.8-36
7.0.8-37
7.0.8-38
7.0.8-39
7.0.8-4
7.0.8-40
7.0.8-41
7.0.8-42
7.0.8-43
7.0.8-44
7.0.8-45
7.0.8-46
7.0.8-47
7.0.8-48
7.0.8-49
7.0.8-5
7.0.8-50
7.0.8-51
7.0.8-52
7.0.8-53
7.0.8-54
7.0.8-55
7.0.8-56
7.0.8-57
7.0.8-58
7.0.8-59
7.0.8-6
7.0.8-60
7.0.8-61
7.0.8-62
7.0.8-63
7.0.8-64
7.0.8-65
7.0.8-66
7.0.8-67
7.0.8-68
7.0.8-7
7.0.8-8
7.0.8-9
7.0.9-0
7.0.9-1
7.0.9-10
7.0.9-11
7.0.9-12
7.0.9-13
7.0.9-14
7.0.9-15
7.0.9-16
7.0.9-17
7.0.9-18
7.0.9-19
7.0.9-2
7.0.9-20
7.0.9-21
7.0.9-22
7.0.9-23
7.0.9-24
7.0.9-25
7.0.9-26
7.0.9-27
7.0.9-4
7.0.9-5
7.0.9-6
7.0.9-7
7.0.9-8
7.0.9-9
7.1.0-0
7.1.0-1
7.1.0-10
7.1.0-11
7.1.0-12
7.1.0-13
7.1.0-14
7.1.0-15
7.1.0-16
7.1.0-17
7.1.0-18
7.1.0-19
7.1.0-2
7.1.0-20
7.1.0-21
7.1.0-22
7.1.0-23
7.1.0-24
7.1.0-25
7.1.0-26
7.1.0-27
7.1.0-28
7.1.0-29
7.1.0-3
7.1.0-30
7.1.0-31
7.1.0-32
7.1.0-33
7.1.0-34
7.1.0-35
7.1.0-36
7.1.0-37
7.1.0-38
7.1.0-39
7.1.0-4
7.1.0-40
7.1.0-41
7.1.0-42
7.1.0-43
7.1.0-44
7.1.0-45
7.1.0-46
7.1.0-47
7.1.0-48
7.1.0-49
7.1.0-5
7.1.0-50
7.1.0-51
7.1.0-52
7.1.0-53
7.1.0-54
7.1.0-55
7.1.0-56
7.1.0-57
7.1.0-58
7.1.0-59
7.1.0-6
7.1.0-60
7.1.0-61
7.1.0-62
7.1.0-7
7.1.0-8
7.1.0-9
7.1.1-0
7.1.1-1
7.1.1-10
7.1.1-11
7.1.1-12
7.1.1-13
7.1.1-14
7.1.1-15
7.1.1-16
7.1.1-17
7.1.1-18
7.1.1-19
7.1.1-2
7.1.1-20
7.1.1-21
7.1.1-22
7.1.1-23
7.1.1-24
7.1.1-25
7.1.1-26
7.1.1-27
7.1.1-28
7.1.1-29
7.1.1-3
7.1.1-30
7.1.1-31
7.1.1-32
7.1.1-33
7.1.1-34
7.1.1-35
7.1.1-36
7.1.1-37
7.1.1-38
7.1.1-39
7.1.1-4
7.1.1-40
7.1.1-41
7.1.1-43
7.1.1-44
7.1.1-45
7.1.1-46
7.1.1-47
7.1.1-5
7.1.1-6
7.1.1-7
7.1.1-8
7.1.1-9
7.1.2-0
7.1.2-1
7.1.2-10
7.1.2-11
7.1.2-2
7.1.2-3
7.1.2-5
7.1.2-6
7.1.2-7
7.1.2-8
7.1.2-9

Database specific

vanir_signatures_modified 
"2026-04-24T18:10:01Z"
vanir_signatures 
[
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "129540823984831732160321464379274363897",
                "126590531133209254444425834082066859897",
                "324731682051532078827610813020391541030",
                "251898248266061525560152930483090921851",
                "116312658153710627904296280538153814115",
                "9559516071156074821452140054782923276",
                "201344669587295154712272049026889324660",
                "300134739676120772653278112482412590799",
                "254020223080904480427700264592296546522",
                "46264402522936468814771291634284222129",
                "208871955046657557125563920185251685885",
                "153631846735041851427905275767441843145",
                "126168940316487583155793636077437483947",
                "274919398445588077725070641048162321578",
                "217866122510794606362163052037608864927",
                "310980400215551210438808528350515483298",
                "73226224440322707179800271436442738770",
                "79431759036195497245169981122215423090",
                "83074832186487985488249224389618117003",
                "170074981764803673248261252674708241860",
                "125397002458780609615889634304990258615",
                "265418024263487301107982990779711351389",
                "273770841889238540377468399461414309237",
                "81684689004659649261208021238417386582",
                "249058022505580572774980076959629273950",
                "62550300126225879543500546888486968383",
                "334458588424991935770813373130047332028",
                "208647837910300778621275611592530157556",
                "1096714576152789156071082642627901181",
                "160705267927411717757744753769910249706"
            ]
        },
        "signature_type": "Line",
        "signature_version": "v1",
        "id": "CVE-2025-68618-2f841b35",
        "deprecated": false,
        "target": {
            "file": "coders/msl.c"
        },
        "source": "https://github.com/imagemagick/imagemagick/commit/6f431d445f3ddd609c004a1dde617b0a73e60beb"
    },
    {
        "digest": {
            "length": 1972.0,
            "function_hash": "265761603207057369449546556933551770815"
        },
        "signature_type": "Function",
        "signature_version": "v1",
        "id": "CVE-2025-68618-644c7341",
        "deprecated": false,
        "target": {
            "function": "MSLEndElement",
            "file": "coders/msl.c"
        },
        "source": "https://github.com/imagemagick/imagemagick/commit/6f431d445f3ddd609c004a1dde617b0a73e60beb"
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "213940015172551681082658005211231086897",
                "140612635341404803634085352787193325460",
                "54602144370131355229407805846621756972",
                "131385232705127692344606700809189935780"
            ]
        },
        "signature_type": "Line",
        "signature_version": "v1",
        "id": "CVE-2025-68618-7336dd7c",
        "deprecated": false,
        "target": {
            "file": "coders/svg.c"
        },
        "source": "https://github.com/imagemagick/imagemagick/commit/6f431d445f3ddd609c004a1dde617b0a73e60beb"
    },
    {
        "digest": {
            "length": 28795.0,
            "function_hash": "242963741556281629612603684738292226101"
        },
        "signature_type": "Function",
        "signature_version": "v1",
        "id": "CVE-2025-68618-b4f5bcfd",
        "deprecated": false,
        "target": {
            "function": "SVGStartElement",
            "file": "coders/svg.c"
        },
        "source": "https://github.com/imagemagick/imagemagick/commit/6f431d445f3ddd609c004a1dde617b0a73e60beb"
    },
    {
        "digest": {
            "length": 131661.0,
            "function_hash": "295750312408501213953238293117487400343"
        },
        "signature_type": "Function",
        "signature_version": "v1",
        "id": "CVE-2025-68618-d97e6ef5",
        "deprecated": false,
        "target": {
            "function": "MSLStartElement",
            "file": "coders/msl.c"
        },
        "source": "https://github.com/imagemagick/imagemagick/commit/6f431d445f3ddd609c004a1dde617b0a73e60beb"
    }
]
source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-68618.json"