CVE-2025-65955

CVSS v3.1

6.1

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

Name of the Vulnerable Software and Affected Versions ImageMagick versions prior to 7.1.2-9 ImageMagick versions prior to 6.9.13-34

Description ImageMagick is software used for editing and manipulating digital images. A flaw exists in the Magick++ layer when the Options::fontFamily function is called with an empty string. This can lead to memory being freed while a pointer still references it, resulting in crashes or heap corruption during cleanup or reuse. Specifically, calling RelinquishMagickMemory on drawInfo->font frees the font string, but drawInfo->font continues to point to the freed memory while drawInfo->family is set to that invalid pointer. Functions like DestroyDrawInfo, Options::font, and Image::font assume drawInfo->font remains valid, and their use can trigger crashes or heap corruption.

Recommendations Update ImageMagick to version 7.1.2-9 or later. Update ImageMagick to version 6.9.13-34 or later.

Exploit

Fix

Use After Free

Double Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416CWE-415

Related Identifiers

BDU:2026-00323

CVE-2025-65955

DLA-4429-1

GHSA-Q3HC-J9X5-MP9M

OPENSUSE-SU-2025:15816-1

OPENSUSE-SU-2026:20118-1

SUSE-SU-2025:4427-1

SUSE-SU-2025:4428-1

SUSE-SU-2026:0011-1

SUSE-SU-2026:0013-1

SUSE-SU-2026:20183-1

Affected Products

Debian

Imagemagick

Red Os

CVE-2025-65955

Weakness Enumeration

Related Identifiers

Affected Products

References · 51