CVE-2025-68469
Crash Vulnerability in ImageMagick TIFF Processing Causes Denial of Service

Publication date: 2025-12-18

Last updated on: 2025-12-18

Assigner: GitHub, Inc.

Description
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.1-14, ImageMagick crashes when processing a crafted TIFF file. Version 7.1.1-14 fixes the issue.
Meta Information
Published: 2025-12-18
Last Modified: 2025-12-18
Generated: 2026-05-07
AI Q&A: 2025-12-18
EPSS Evaluated: 2026-05-05
Source: NVD
Affected Vendors & Products (1 associated CPE)
| Vendor | Product | Version / Range |
| --- | --- | --- |
| imagemagick | imagemagick | 7.1.1-13 |
CWE
CWE-122: A heap overflow condition is a buffer overflow where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2025-68469 is a heap-based buffer overflow vulnerability in ImageMagick versions up to 7.1.1-13. It occurs when processing a specially crafted TIFF file, causing the application to crash. This overflow happens in a heap-allocated buffer, which can lead to instability or denial of service. The issue was fixed in version 7.1.1-14. [1]


How can this vulnerability impact me?

This vulnerability can cause ImageMagick to crash when processing malicious TIFF files, potentially leading to denial of service. Since it is a low-severity heap-based buffer overflow, it primarily impacts application stability rather than allowing remote code execution or a data breach. [1]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by attempting to process a specially crafted TIFF file that triggers the heap-based buffer overflow. A proof-of-concept (PoC) TIFF file can be used with the command: `magick poc.tiff /dev/null`. If the ImageMagick application crashes during this operation, the system is vulnerable. [1]


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, immediately upgrade ImageMagick to version 7.1.1-14 or later, where the issue has been fixed. Avoid processing untrusted or specially crafted TIFF files until the update is applied. [1]
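The detection and mitigation answers above both reduce to one question: is the installed ImageMagick older than the fixed release 7.1.1-14? The following POSIX shell script is an added example, not part of the advisory or of ImageMagick itself. It compares a version string against the fix version component by component (a plain string comparison would get "7.1.1-9" vs "7.1.1-14" wrong) and, optionally, reads the installed version from the first line of `magick -version`. The banner format `Version: ImageMagick 7.1.1-13 ...` is assumed from common ImageMagick builds; the sample banner in the script is constructed. The check is scoped to the 7.x line named in the advisory and reports "unknown" for other major versions.

```shell
#!/bin/sh
# Added example (not from the advisory): is an ImageMagick 7.x version
# older than the CVE-2025-68469 fix release?

FIXED_VERSION="7.1.1-14"   # fixed version stated in the advisory

# Extract "7.1.1-13" from a `magick -version` banner line (format assumed:
# "Version: ImageMagick 7.1.1-13 Q16-HDRI x86_64 ...").
im_version_from_banner() {
    printf '%s\n' "$1" |
        sed -n 's/^Version: ImageMagick \([0-9][0-9.]*-[0-9][0-9]*\).*/\1/p'
}

# Exit status: 0 = vulnerable (older than fix), 1 = fixed (equal or newer),
# 2 = not a 7.x version, so this advisory does not describe it.
# Components are compared numerically, major.minor.patch-release.
im_is_vulnerable() {
    awk -v v="$1" -v f="$FIXED_VERSION" 'BEGIN {
        split(v, a, "[.-]"); split(f, b, "[.-]")
        if (a[1] + 0 != 7) exit 2
        for (i = 1; i <= 4; i++) {
            if (a[i] + 0 < b[i] + 0) exit 0
            if (a[i] + 0 > b[i] + 0) exit 1
        }
        exit 1   # identical to the fixed version
    }'
}

# Check the ImageMagick binary on PATH, if any; prints a verdict and
# returns the same status codes as im_is_vulnerable (3 = magick not found).
im_check_installed() {
    command -v magick >/dev/null 2>&1 || { echo "magick not found on PATH"; return 3; }
    ver=$(im_version_from_banner "$(magick -version 2>/dev/null | head -n 1)")
    if im_is_vulnerable "$ver"; then
        echo "ImageMagick $ver is older than $FIXED_VERSION: affected, upgrade"
        return 0
    else
        rc=$?
        [ "$rc" -eq 1 ] && echo "ImageMagick $ver is at or above $FIXED_VERSION: fixed"
        [ "$rc" -eq 2 ] && echo "ImageMagick $ver is not a 7.x release: not covered by this advisory"
        return "$rc"
    fi
}

# Constructed sample banner, used when the script is run directly.
SAMPLE_BANNER="Version: ImageMagick 7.1.1-13 Q16-HDRI x86_64 (constructed sample)"

if [ "${0##*/}" != "sh" ] && [ "${1:-}" = "--demo" ]; then
    v=$(im_version_from_banner "$SAMPLE_BANNER")
    if im_is_vulnerable "$v"; then echo "$v: affected"; else echo "$v: not affected"; fi
fi
```

Run `sh check.sh --demo` to exercise the constructed banner, or call `im_check_installed` from a shell that has sourced the script to test the local binary. Pair the version check with the upgrade step above; it identifies affected installs without needing a crafted TIFF file.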

