Overview
CVE-2025-65955 is a medium severity vulnerability affecting ImageMagick, a popular open-source software suite used for displaying, converting, and editing raster image files. This vulnerability resides in the Magick++ layer and occurs when handling font families. Specifically, invoking Options::fontFamily with an empty string can lead to a double-free or use-after-free condition, potentially causing crashes or heap corruption. This issue has been addressed in ImageMagick versions 7.1.2-9 and 6.9.13-34.
Technical Details
The vulnerability stems from improper memory management within ImageMagick’s font handling routines. When Options::fontFamily is called with an empty string, it clears the font family, which in turn calls RelinquishMagickMemory on _drawInfo->font. This frees the memory associated with the font string. However, _drawInfo->font remains a dangling pointer pointing to the now-freed memory. Furthermore, _drawInfo->family is also set to this invalid pointer.
Subsequent cleanup processes or reuse of _drawInfo->font attempt to re-free or dereference this dangling pointer. Functions like DestroyDrawInfo, Options::font, and Image::font all assume that _drawInfo->font remains valid, leading to crashes or heap corruption when they are invoked.
Vulnerable Code Snippet (Conceptual):
// Simplified representation of the vulnerable logic
void Options::fontFamily(const std::string& family)
{
  if (family.empty())
    {
      if (_drawInfo->font)
        {
          // Frees the font string, but _drawInfo->font is never reset, so it
          // keeps its old value and now points at released memory.
          RelinquishMagickMemory(_drawInfo->font);
          // family is assigned the same stale value: two fields, one dead block.
          _drawInfo->family = _drawInfo->font;
        }
    }
  else
    {
      // Normal font family assignment logic
    }
}
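To make the lifecycle concrete, the following is an added example written for this write-up, not ImageMagick's or Magick++'s code: it assumes a hypothetical DrawInfo with font and family fields, a constructed tracking allocator that counts a second release of the same block instead of corrupting the heap, and places the pattern above beside a hardened variant that nulls every field after the release.

```cpp
#include <cstring>
#include <set>
#include <string>

// Constructed tracking allocator (not ImageMagick's): it remembers live blocks
// so that a second release of the same block is counted, not executed.
static std::set<char*> g_live;
static int g_double_frees = 0;
static char* trackedStrdup(const std::string& s) {
    char* p = std::strcpy(new char[s.size() + 1], s.c_str());
    g_live.insert(p);
    return p;
}
// Null is a no-op; an already-released block is a double free and returns false.
static bool trackedFree(char* p) {
    if (p == nullptr) return true;
    if (g_live.erase(p) == 0) { ++g_double_frees; return false; }
    delete[] p;
    return true;
}
// Hypothetical stand-in for the two DrawInfo fields the advisory names.
struct DrawInfo { char* font = nullptr; char* family = nullptr; };

// The pattern the advisory describes: the font block is released, but both
// fields keep pointing at it, so whoever cleans up releases it again.
static void fontFamilyVulnerable(DrawInfo& d, const std::string& fam) {
    if (fam.empty()) {
        trackedFree(d.font);   // block released...
        d.family = d.font;     // ...but font and family still alias it
    } else { trackedFree(d.family); d.family = trackedStrdup(fam); }
}

// Hardened form: release, then null every field that referenced the block.
static void fontFamilyFixed(DrawInfo& d, const std::string& fam) {
    if (fam.empty()) {
        trackedFree(d.font);   d.font = nullptr;
        trackedFree(d.family); d.family = nullptr;
    } else { trackedFree(d.family); d.family = trackedStrdup(fam); }
}

// Runs the advisory's sequence (set a font, clear the family, then clean up as
// DestroyDrawInfo would) and returns how many double frees were caught.
static int runScenario(bool hardened) {
    g_double_frees = 0;
    DrawInfo d;
    d.font = trackedStrdup("Sample-Font");   // constructed sample font name
    if (hardened) fontFamilyFixed(d, ""); else fontFamilyVulnerable(d, "");
    trackedFree(d.font); trackedFree(d.family);   // DestroyDrawInfo-style cleanup
    return g_double_frees;
}
```

The vulnerable sequence is caught twice (once for font, once for the aliased family), the hardened one not at all; under a real allocator the same two releases are the crash or heap corruption the advisory describes.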
CVSS Analysis
- CVE ID: CVE-2025-65955
- Severity: MEDIUM
- CVSS Score: 4.9
A CVSS score of 4.9 indicates a Medium severity vulnerability. While the impact can include denial-of-service (crash) or potential for heap corruption, the exploitability may require specific conditions or user interaction.
Possible Impact
Successful exploitation of this vulnerability can lead to:
- Denial of Service (DoS): ImageMagick processes may crash, disrupting image processing workflows.
- Heap Corruption: Under certain conditions, exploitation could lead to heap corruption. This could potentially allow for arbitrary code execution, but this is less likely and would depend on the specific environment and how ImageMagick is being used.
Mitigation or Patch Steps
To mitigate this vulnerability, it is highly recommended to upgrade to the following versions or later:
- ImageMagick 7.1.2-9
- ImageMagick 6.9.13-34
If upgrading is not immediately feasible, carefully review your application’s usage of ImageMagick, particularly any code that handles font family settings. As a temporary workaround, avoid passing empty strings to Options::fontFamily or similar font-setting functions.
