CVE-2025-65955 - Vulnerability Details

Further research determined the issue is not a vulnerability.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Imagemagick	Imagemagick

No data.

References

Link	Providers
https://github.com/ImageMagick/ImageMagick/commit/6409f34d637a34a1c643632aa849371ec8b3b5a8
https://github.com/ImageMagick/ImageMagick/commit/6f81eb15f822ad86e8255be75efad6f9762c32f8
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-q3hc-j9x5-mp9m
https://nvd.nist.gov/vuln/detail/CVE-2025-65955
https://www.cve.org/CVERecord?id=CVE-2025-65955

History

Sat, 06 Dec 2025 00:30:00 +0000

Type	Values Removed	Values Added
CPEs	cpe:2.3:a:imagemagick:imagemagick::::::::

Sat, 06 Dec 2025 00:15:00 +0000

Type	Values Removed	Values Added
Title	ImageMagick has a use-after-free/double-free risk in Options::fontFamily when clearing family	imagemagick: ImageMagick use-after-free/double-free
Metrics	ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Sat, 06 Dec 2025 00:00:00 +0000

Type	Values Removed	Values Added
Description	ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-9 and 6.9.13-34, there is a vulnerability in ImageMagick’s Magick++ layer that manifests when Options::fontFamily is invoked with an empty string. Clearing a font family calls RelinquishMagickMemory on _drawInfo->font, freeing the font string but leaving _drawInfo->font pointing to freed memory while _drawInfo->family is set to that (now-invalid) pointer. Any later cleanup or reuse of _drawInfo->font re-frees or dereferences dangling memory. DestroyDrawInfo and other setters (Options::font, Image::font) assume _drawInfo->font remains valid, so destruction or subsequent updates trigger crashes or heap corruption. This vulnerability is fixed in 7.1.2-9 and 6.9.13-34.	Further research determined the issue is not a vulnerability.

Fri, 05 Dec 2025 19:00:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:2.3:a:imagemagick:imagemagick::::::::

Wed, 03 Dec 2025 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 03 Dec 2025 12:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Imagemagick Imagemagick imagemagick
Vendors & Products		Imagemagick Imagemagick imagemagick
References		https://nvd.nist.gov/vuln/detail/CVE-2025-65955 https://www.cve.org/CVERecord?id=CVE-2025-65955
Metrics	threat_severity `None`	threat_severity `Moderate`

Tue, 02 Dec 2025 23:15:00 +0000

Type	Values Removed	Values Added
Description		ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-9 and 6.9.13-34, there is a vulnerability in ImageMagick’s Magick++ layer that manifests when Options::fontFamily is invoked with an empty string. Clearing a font family calls RelinquishMagickMemory on _drawInfo->font, freeing the font string but leaving _drawInfo->font pointing to freed memory while _drawInfo->family is set to that (now-invalid) pointer. Any later cleanup or reuse of _drawInfo->font re-frees or dereferences dangling memory. DestroyDrawInfo and other setters (Options::font, Image::font) assume _drawInfo->font remains valid, so destruction or subsequent updates trigger crashes or heap corruption. This vulnerability is fixed in 7.1.2-9 and 6.9.13-34.
Title		ImageMagick has a use-after-free/double-free risk in Options::fontFamily when clearing family
Weaknesses		CWE-415 CWE-416
References		https://github.com/ImageMagick/ImageMagick/commit/6409f34d637a34a1c643632aa849371ec8b3b5a8 https://github.com/ImageMagick/ImageMagick/commit/6f81eb15f822ad86e8255be75efad6f9762c32f8 https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-q3hc-j9x5-mp9m
Metrics		cvssV3_1 `{'score': 4.9, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L'}`

MITRE

Status: REJECTED

Assigner: GitHub_M

Published: 2025-12-02T23:02:58.856Z

Updated: 2025-12-05T23:53:17.205Z

Reserved: 2025-11-18T16:14:56.693Z

Link: CVE-2025-65955

Vulnrichment

Updated:

NVD

Status : Rejected

Published: 2025-12-02T23:15:45.603

Modified: 2025-12-06T00:15:46.647

Link: CVE-2025-65955

Redhat

Severity : Moderate

Publid Date: 2025-12-02T23:02:58Z

Links: CVE-2025-65955 - Bugzilla

Metrics

Attack Vector Local

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object