CVE-2025-68618

Published: 30 Dec 2025
Source: redhat
CVSS3: 5.3

Description

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-12, using Magick to read a malicious SVG file resulted in a DoS attack. Version 7.1.2-12 fixes the issue.

A flaw was found in ImageMagick, free and open-source software used for editing and manipulating digital images. An attacker could exploit this vulnerability by providing a specially crafted malicious SVG (Scalable Vector Graphics) file. Processing this file would lead to a Denial of Service (DoS) attack, making the software unavailable to legitimate users.

Report

This vulnerability is rated Moderate for Red Hat. A denial of service can occur in ImageMagick when processing a specially crafted malicious SVG file. This flaw can be exploited by an attacker providing a malicious SVG file, leading to the software becoming unavailable.

Mitigation

To mitigate this issue, avoid processing untrusted SVG files with ImageMagick. If processing untrusted SVG content is unavoidable, consider implementing sandboxing mechanisms for applications that utilize ImageMagick to limit the potential impact of a denial of service.
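
One way to apply the "avoid processing untrusted SVG" advice in an upload pipeline, as an added example that is not Red Hat's or ImageMagick's own code: ImageMagick chooses a decoder from file content as well as the name, so the gate below allowlists raster signatures, pins the decoder with an explicit coder prefix, and bounds run time. The allowlist, function names, paths and the 10-second timeout are assumptions; the timeout limits impact but is not a substitute for the sandboxing mentioned above.

```python
import subprocess

# Magic-byte allowlist keyed by the ImageMagick coder prefix to pin.
ALLOWED = {
    "png": lambda b: b.startswith(b"\x89PNG\r\n\x1a\n"),
    "jpeg": lambda b: b.startswith(b"\xff\xd8\xff"),
    "gif": lambda b: b[:6] in (b"GIF87a", b"GIF89a"),
    "webp": lambda b: b[:4] == b"RIFF" and b[8:12] == b"WEBP",
}

# Constructed sample inputs (first bytes of an upload), not taken from the advisory.
SAMPLE_PNG = b"\x89PNG\r\n\x1a\n\x00\x00\x00\rIHDR"
SAMPLE_SVG = b'<?xml version="1.0"?><svg xmlns="http://www.w3.org/2000/svg"/>'


def sniff_raster(head: bytes):
    """Return the coder for an allowlisted raster signature, else None."""
    for coder, matches in ALLOWED.items():
        if matches(head):
            return coder
    return None


def build_argv(src_path: str, dst_path: str, head: bytes):
    """Build a magick command line, refusing SVG and anything else unlisted."""
    coder = sniff_raster(head)
    if coder is None:
        raise ValueError("refusing input: not an allowlisted raster format")
    # The explicit "coder:" prefix makes ImageMagick use that decoder
    # instead of choosing one from the file's content or name.
    return ["magick", f"{coder}:{src_path}", f"png:{dst_path}"]


def convert_untrusted(src_path: str, dst_path: str, timeout_s: float = 10.0):
    """Convert an upload; paths are assumed to be generated by the application."""
    with open(src_path, "rb") as fh:
        head = fh.read(16)
    # A hard timeout bounds how long one hostile file can occupy a worker.
    subprocess.run(build_argv(src_path, dst_path, head), check=True, timeout=timeout_s)


if __name__ == "__main__":
    print(build_argv("/srv/uploads/a1", "/srv/out/a1.png", SAMPLE_PNG))
    print(sniff_raster(SAMPLE_SVG))  # None: the SVG never reaches ImageMagick
```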

Affected packages

| Platform | Package | State | Recommendation | Release |
| --- | --- | --- | --- | --- |
| Red Hat Enterprise Linux 6 | ImageMagick | Out of support scope | | |
| Red Hat Enterprise Linux 7 | ImageMagick | Out of support scope | | |


Additional information

Status: Moderate
Defect: CWE-674
https://bugzilla.redhat.com/show_bug.cgi?id=2426285 ImageMagick: ImageMagick: Denial of Service via malicious SVG file

5.3 Medium

CVSS3

Related vulnerabilities

CVSS3: 5.3
ubuntu
3 months ago

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-12, using Magick to read a malicious SVG file resulted in a DoS attack. Version 7.1.2-12 fixes the issue.

CVSS3: 5.3
nvd
3 months ago

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-12, using Magick to read a malicious SVG file resulted in a DoS attack. Version 7.1.2-12 fixes the issue.

CVSS3: 5.3
debian
3 months ago

ImageMagick is free and open-source software used for editing and mani ...

suse-cvrf
3 months ago

Security update for ImageMagick

CVSS3: 5.3
github
3 months ago

ImageMagick's failure to limit the depth of SVG file reads caused a DoS attack
