Description

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-9 and 6.9.13-34, there is a vulnerability in ImageMagick’s Magick++ layer that manifests when Options::fontFamily is invoked with an empty string. Clearing a font family calls RelinquishMagickMemory on _drawInfo->font, freeing the font string but leaving _drawInfo->font pointing to freed memory while _drawInfo->family is set to that (now-invalid) pointer. Any later cleanup or reuse of _drawInfo->font re-frees or dereferences dangling memory. DestroyDrawInfo and other setters (Options::font, Image::font) assume _drawInfo->font remains valid, so destruction or subsequent updates trigger crashes or heap corruption. This vulnerability is fixed in 7.1.2-9 and 6.9.13-34.

INFO

Published Date :

2025-12-02T23:02:58.856Z

Last Modified :

2025-12-11T20:54:21.709Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-65955 vulnerability.

Vendors Products
Imagemagick
  • Imagemagick
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-65955.

URL Resource
https://github.com/ImageMagick/ImageMagick/commit/6409f34d637a34a1c643632aa849371ec8b3b5a8 cve-icon cve-icon cve-icon
https://github.com/ImageMagick/ImageMagick/commit/6f81eb15f822ad86e8255be75efad6f9762c32f8 cve-icon cve-icon cve-icon
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-q3hc-j9x5-mp9m cve-icon cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-65955 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-65955 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact