
Debian 11: imagemagick Critical Security Flaws DLA-4429-1 CVE-2025-65955

Debian LTS
December 31, 2025
Critical security update for Debian LTS addressing multiple vulnerabilities in imagemagick. Upgrading is recommended.
Multiple vulnerabilities were fixed in imagemagick, a popular image processing suite.

Summary

CVE-2025-65955

A vulnerability was found in ImageMagick's Magick++ layer that
manifests when Options::fontFamily is invoked with an empty
string. Clearing the font family calls RelinquishMagickMemory on
_drawInfo->font, freeing the font string but leaving _drawInfo->font
pointing to freed memory, while _drawInfo->family is set to that
same (now-invalid) pointer. Any later cleanup or reuse of
_drawInfo->font re-frees or dereferences dangling memory.
DestroyDrawInfo and other setters (Options::font, Image::font) assume
_drawInfo->font is still valid, so destruction or subsequent updates
trigger crashes or heap corruption.
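The free-then-alias sequence above is easier to see on a model than in the real library. The following is an added example, not ImageMagick or Magick++ code: TrackingHeap, DrawInfo, setFontFamilyVulnerable, setFontFamilyFixed, destroyDrawInfo and runScenario are stand-ins invented here. The tracking heap counts a second free of the same block instead of handing it to the real allocator, so the scenario runs deterministically rather than crashing. The "fixed" setter is an assumed correction, not the patch shipped in this DLA.

```cpp
#include <cstdio>
#include <cstdlib>
#include <cstring>
#include <set>
#include <string>

// Tracking heap: records live blocks so that a second free of the same
// pointer is counted instead of corrupting the real allocator (which is
// undefined behaviour and would just crash). It stands in for the
// AcquireMagickMemory / RelinquishMagickMemory pair.
struct TrackingHeap {
    std::set<char*> live;
    int doubleFrees = 0;

    ~TrackingHeap() { for (char* p : live) std::free(p); }   // avoid leaks

    char* dup(const std::string& s) {
        char* p = static_cast<char*>(std::malloc(s.size() + 1));
        std::memcpy(p, s.c_str(), s.size() + 1);
        live.insert(p);
        return p;
    }
    // Like RelinquishMagickMemory: frees p and returns nullptr; a pointer
    // that is not live is a double free and is counted rather than freed.
    char* release(char* p) {
        if (p == nullptr) return nullptr;
        if (live.erase(p) == 0) { ++doubleFrees; return nullptr; }
        std::free(p);
        return nullptr;
    }
    bool isLive(char* p) const { return p != nullptr && live.count(p) != 0; }
};

// Stand-in for the two DrawInfo fields named in the advisory text.
struct DrawInfo {
    char* font = nullptr;
    char* family = nullptr;
};

// Vulnerable pattern as the advisory describes it: an empty family string
// releases _drawInfo->font, leaves that field dangling, and aliases
// _drawInfo->family to the same freed block.
void setFontFamilyVulnerable(TrackingHeap& h, DrawInfo& d, const std::string& fam) {
    if (fam.empty()) {
        h.release(d.font);      // font freed, but d.font still holds the address
        d.family = d.font;      // family now points at freed memory too
        return;
    }
    d.family = h.dup(fam);
}

// Hardened form (an assumed fix, not the Debian patch): release the field
// actually being cleared, null it, and never touch the font string.
void setFontFamilyFixed(TrackingHeap& h, DrawInfo& d, const std::string& fam) {
    d.family = h.release(d.family);   // release returns nullptr
    if (!fam.empty())
        d.family = h.dup(fam);
}

// Stand-in for DestroyDrawInfo: both owned strings are released once.
void destroyDrawInfo(TrackingHeap& h, DrawInfo& d) {
    d.font = h.release(d.font);
    d.family = h.release(d.family);
}

struct Outcome {
    bool fontLiveAfterClear;   // is _drawInfo->font still valid after clearing the family?
    int doubleFrees;           // how many double frees DestroyDrawInfo produced
};

// One scenario: set a font, set a family, clear the family, destroy.
Outcome runScenario(bool useFix) {
    TrackingHeap h;
    DrawInfo d;
    d.font = h.dup("Helvetica");   // constructed sample values
    auto setFamily = useFix ? setFontFamilyFixed : setFontFamilyVulnerable;
    setFamily(h, d, "Sans");
    setFamily(h, d, "");
    Outcome o;
    o.fontLiveAfterClear = h.isLive(d.font);
    destroyDrawInfo(h, d);
    o.doubleFrees = h.doubleFrees;
    return o;
}

int main() {
    Outcome v = runScenario(false), f = runScenario(true);
    std::printf("vulnerable: font live=%d double frees=%d\n", v.fontLiveAfterClear, v.doubleFrees);
    std::printf("fixed:      font live=%d double frees=%d\n", f.fontLiveAfterClear, f.doubleFrees);
    return 0;
}
```

In the vulnerable run the font string is already dead once the family is cleared, and DestroyDrawInfo then releases the same block twice (once through each field), which is the double free the advisory describes; the fixed setter leaves the font untouched and destruction releases each block exactly once.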

CVE-2025-66628

The TIM (PSX TIM) image parser contains a critical integer overflow
vulnerability in its ReadTIMImage function (coders/tim.c). The code
reads width and height (16-bit values) from the file header and
calculates image_size = 2 * width * height without checking for

Read the Full Advisory
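The size computation the advisory names, 2 * width * height from two 16-bit header fields, is shown below in an unchecked and a checked form. This is an added example, not code from coders/tim.c: timImageSizeUnchecked, timImageSizeChecked, timImageSizeOrZero and shortfallBytes are names invented here, the header values are constructed, and the 32-bit accumulator is an assumption made so the wraparound is visible (the page does not state the type used by the real coder).

```cpp
#include <cstdint>
#include <cstdio>
#include <limits>

// Unchecked form: two 16-bit header fields multiplied in 32-bit unsigned
// arithmetic wrap modulo 2^32. (The accumulator type in coders/tim.c is not
// stated on this page; 32 bits is assumed here so the wraparound is visible.)
uint32_t timImageSizeUnchecked(uint16_t width, uint16_t height) {
    return 2u * width * height;
}

// Checked form: compute in 64 bits, where 2 * 65535 * 65535 cannot overflow,
// then refuse anything the 32-bit size cannot represent (and zero-sized images).
bool timImageSizeChecked(uint16_t width, uint16_t height, uint32_t* out) {
    if (width == 0 || height == 0) return false;
    uint64_t wide = 2ull * width * height;
    if (wide > std::numeric_limits<uint32_t>::max()) return false;
    *out = static_cast<uint32_t>(wide);
    return true;
}

// Convenience wrapper: the checked size, or 0 when the header is rejected.
uint32_t timImageSizeOrZero(uint16_t width, uint16_t height) {
    uint32_t size = 0;
    return timImageSizeChecked(width, height, &size) ? size : 0;
}

// Bytes a decoder would actually write for these dimensions minus the bytes
// the unchecked computation would have allocated: a positive value is the
// amount of pixel data that lands past the end of the short buffer.
int64_t shortfallBytes(uint16_t width, uint16_t height) {
    int64_t needed = 2ll * width * height;
    return needed - static_cast<int64_t>(timImageSizeUnchecked(width, height));
}

int main() {
    uint16_t w = 65535, h = 32769;   // constructed header values, not from a real file
    std::printf("unchecked size: %u\n", timImageSizeUnchecked(w, h));
    std::printf("checked size:   %u (0 = rejected)\n", timImageSizeOrZero(w, h));
    std::printf("shortfall:      %lld bytes\n", static_cast<long long>(shortfallBytes(w, h)));
    return 0;
}
```

With width 65535 and height 32769 the unchecked product wraps to 65534 bytes while the decoder still has to write 4295032830 bytes of pixel data, a shortfall of exactly 4 GiB; the checked form rejects that header and accepts ordinary sizes such as 640 by 480 (614400 bytes).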


Severity: Critical

Package: imagemagick
Version: 8:6.9.11.60+dfsg-1.3+deb11u8
CVE IDs: CVE-2025-65955 CVE-2025-66628 CVE-2025-68469 CVE-2025-68618
Debian Bugs: 1122584 1122827
