CVE-2025-68950 in ImageMagick
Summary
by MITRE • 12/30/2025
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-12, Magick fails to check for circular references between two MVGs, leading to a stack overflow. This is a DoS vulnerability, and any situation that allows reading the mvg file will be affected. Version 7.1.2-12 fixes the issue.
If you want to get best quality of vulnerability data, you may have to visit VulDB.
Analysis
by VulDB Data Team • 01/09/2026
ImageMagick represents a widely deployed image processing library that handles numerous file formats including the Multi-Value Graphics format commonly known as MVG. This vulnerability affects versions prior to 7.1.2-12 where the software fails to properly validate circular reference chains within MVG files. The flaw manifests when the system attempts to parse MVG content containing recursive references between multiple graphic elements, creating an infinite loop that consumes stack memory until exhaustion. This particular vulnerability falls under the category of stack overflow conditions that can be exploited to cause denial of service across all systems processing MVG files regardless of their source or execution context.
The technical nature of this vulnerability stems from inadequate input validation mechanisms within the MVG parser component of ImageMagick. When encountering circular references in MVG files, the parsing routine does not implement proper cycle detection or depth limiting mechanisms that would prevent recursive processing from consuming excessive stack resources. This behavior creates a predictable stack exhaustion scenario where each recursive call adds another frame to the call stack without proper termination conditions, ultimately leading to a stack overflow condition that terminates the application process. The vulnerability directly relates to CWE-674, which addresses uncontrolled recursion in software implementations.
The operational impact of this vulnerability extends across multiple threat scenarios where attackers can leverage the DoS condition through various attack vectors including web applications, file upload mechanisms, or automated processing pipelines that utilize ImageMagick for image handling. Any system that accepts or processes MVG files from untrusted sources becomes vulnerable to this attack, making it particularly dangerous in web environments where users can upload arbitrary files. The vulnerability can be exploited by constructing a malicious MVG file containing circular references that trigger the stack overflow condition during normal processing operations.
Mitigation strategies should focus on immediate version updates to 7.1.2-12 or later releases that contain the necessary patch for circular reference detection. Organizations should also implement additional protective measures including input validation for file types, sandboxed processing environments, and restrictive file access controls that limit the scope of potential exploitation. From an operational security perspective, the vulnerability aligns with ATT&CK technique T1499.004 which covers network denial of service attacks, and should be monitored through security information and event management systems for potential exploitation attempts. Additionally, implementing proper resource limits and stack overflow protection mechanisms within application environments can provide additional defense in depth against similar vulnerabilities in other components of the system.