ImageMagick up to 6.9.13-33/7.1.2-8 Magick++ Layer Options::fontFamily double free

Summaryinfo

A vulnerability was found in ImageMagick up to 6.9.13-33/7.1.2-8. It has been declared as critical. This affects the function Options::fontFamily of the component Magick++ Layer. Executing a manipulation can lead to double free. The identification of this vulnerability is CVE-2025-65955. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

Detailsinfo

A vulnerability classified as critical was found in ImageMagick up to 6.9.13-33/7.1.2-8. This vulnerability affects the function Options::fontFamily of the component Magick++ Layer. The manipulation with an unknown input leads to a double free vulnerability. The CWE definition for the vulnerability is CWE-415. The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations. As an impact it is known to affect confidentiality, integrity, and availability. CVE summarizes:

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-9 and 6.9.13-34, there is a vulnerability in ImageMagick’s Magick++ layer that manifests when Options::fontFamily is invoked with an empty string. Clearing a font family calls RelinquishMagickMemory on _drawInfo->font, freeing the font string but leaving _drawInfo->font pointing to freed memory while _drawInfo->family is set to that (now-invalid) pointer. Any later cleanup or reuse of _drawInfo->font re-frees or dereferences dangling memory. DestroyDrawInfo and other setters (Options::font, Image::font) assume _drawInfo->font remains valid, so destruction or subsequent updates trigger crashes or heap corruption. This vulnerability is fixed in 7.1.2-9 and 6.9.13-34.

The advisory is shared for download at github.com. This vulnerability was named CVE-2025-65955 since 11/18/2025. The exploitation appears to be easy. The attack can be initiated remotely. No form of authentication is required for a successful exploitation. Successful exploitation requires user interaction by the victim. There are known technical details, but no exploit is available.

The vulnerability scanner Nessus provides a plugin with the ID 277363 (Linux Distros Unpatched Vulnerability : CVE-2025-65955), which helps to determine the existence of the flaw in a target environment.

Upgrading to version 6.9.13-34 or 7.1.2-9 eliminates this vulnerability. Applying the patch 6409f34d637a34a1c643632aa849371ec8b3b5a8 is able to eliminate this problem. The bugfix is ready for download at github.com. The best possible mitigation is suggested to be upgrading to the latest version.

The vulnerability is also documented in the databases at Tenable (277363), EUVD (EUVD-2025-200466) and CERT Bund (WID-SEC-2025-2722). VulDB is the best source for vulnerability data and more expert information about this specific topic.

Affected

• Debian Linux
• SUSE Linux
• Open Source ImageMagick

Productinfo

Type

• Image Processing Software

Name

• ImageMagick

Version

• 6.9.13-33
• 7.1.2-8

License

• open-source

Website

• Product: https://www.imagemagick.org/

CPE 2.3info

• 🔒
• 🔒

CPE 2.2info

• 🔒
• 🔒

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Discussion