CVE-2025-68469 — Heap-based Buffer Overflow in Imagemagick

CWE-122 — Heap-based Buffer Overflow8 documents7 sources

Severity

2.0LOWNVD

EPSS

0.0%

top 92.01%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Imagemagick

Timeline

PublishedDec 18

Description

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.1-14, ImageMagick crashes when processing a crafted TIFF file. Version 7.1.1-14 fixes the issue.

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Affected Packages3 packages

▶CVEListV5imagemagick/imagemagick< 7.1.1-14

▶NVDimagemagick/imagemagick< 7.1.1-14

▶Debianimagemagick/imagemagick< 8:6.9.11.60+dfsg-1.3+deb11u8+3

🔴Vulnerability Details

OSV

CVE-2025-68469: ImageMagick is free and open-source software used for editing and manipulating digital images↗2025-12-18

▶

CVEList

ImageMagick vulnerable to heap-buffer-overflow↗2025-12-18

▶

GHSA

ImageMagick has a heap-buffer-overflow↗2025-08-25

▶

OSV

ImageMagick has a heap-buffer-overflow↗2025-08-25

▶

📋Vendor Advisories

Red Hat

ImageMagick: heap-based buffer overflow via a crafted TIFF file↗2025-12-18

▶

Debian

CVE-2025-68469: imagemagick - ImageMagick is free and open-source software used for editing and manipulating d...↗2025

▶

🕵️Threat Intelligence

Wiz

CVE-2025-68469 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶