| Package | imagemagick |
|---|---|
| Version | 8:6.9.7.4+dfsg-11+deb9u24 (stretch), 8:6.9.10.23+dfsg-2.1+deb10u13 (buster) |
| Related CVEs | CVE-2025-65955 CVE-2025-66628 CVE-2025-68618 CVE-2025-68950 CVE-2025-69204 |
Multiple vulnerabilities were fixed in imagemagick an image manipulation software suite.
CVE-2025-65955
A vulnerability was found in ImageMagick’s Magick++ layer that
manifests when Options::fontFamily is invoked with an empty
string. Clearing a font family calls RelinquishMagickMemory on
_drawInfo->font, freeing the font string but leaving _drawInfo->font
pointing to freed memory while _drawInfo->family is set to that
(now-invalid) pointer. Any later cleanup or reuse of _drawInfo->font
re-frees or dereferences dangling memory. DestroyDrawInfo and other
setters (Options::font, Image::font) assume _drawInfo->font remains
valid, so destruction or subsequent updates trigger crashes or heap
corruption
CVE-2025-66628
The TIM (PSX TIM) image parser contains a critical integer overflow
vulnerability in its ReadTIMImage function (coders/tim.c). The code
reads width and height (16-bit values) from the file header and
calculates image_size = 2 * width * height without checking for
overflow. On 32-bit systems (or where size_t is 32-bit), this
calculation can overflow if width and height are large (e.g., 65535),
wrapping around to a small value
CVE-2025-68618
Magick's failure to limit the depth of SVG file reads caused
a DoS attack.
CVE-2025-68950
Magick's failure to limit MVG mutual references forming a loop
CVE-2025-69204
Converting a malicious MVG file to SVG caused an integer overflow.
For Debian 10 buster, these problems have been fixed in version 8:6.9.10.23+dfsg-2.1+deb10u13.
For Debian 9 stretch, these problems have been fixed in version 8:6.9.7.4+dfsg-11+deb9u24.
We recommend that you upgrade your imagemagick packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.