CVE-2025-68469

3.3 LOW

📋 TL;DR

ImageMagick versions before 7.1.1-14 contain a heap-based buffer overflow vulnerability (CWE-122) when processing specially crafted TIFF files. This can cause the application to crash, potentially leading to denial of service. Any system using vulnerable ImageMagick versions to process untrusted TIFF images is affected.

💻 Affected Systems

Products:
  • ImageMagick
Versions: All versions prior to 7.1.1-14
Operating Systems: All platforms running ImageMagick
Default Config Vulnerable: ⚠️ Yes
Notes: Any configuration that processes TIFF files is vulnerable. This includes web applications using ImageMagick for image processing.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution if the heap overflow can be controlled to execute arbitrary code, though this is unlikely given the CVSS score.

🟠 Likely Case

Denial of service through application crash when processing malicious TIFF files.

🟢 If Mitigated

Minimal impact if systems only process trusted TIFF files or have proper input validation.

🌐 Internet-Facing: MEDIUM - Web applications accepting TIFF uploads could be crashed, but only where the uploaded file is actually handed to ImageMagick for processing.
🏢 Internal Only: LOW - Internal systems processing only trusted TIFF files face minimal risk.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires crafting a malicious TIFF file and getting it processed by vulnerable ImageMagick. No public exploit code is known at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 7.1.1-14

Vendor Advisory: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-fff3-4rp7-px97

Restart Required: No

Instructions:

1. Update ImageMagick to version 7.1.1-14 or later.
2. For Linux: Use package manager (apt-get update && apt-get install imagemagick).
3. For source: Download from ImageMagick.org and compile.
4. Verify update with 'convert --version'.

🔧 Temporary Workarounds

Disable TIFF processing

linux

Remove or disable TIFF format support in ImageMagick policy.xml

Edit /etc/ImageMagick-7/policy.xml and add inside the <policymap> element: <policy domain="coder" rights="none" pattern="TIFF" />

Input validation

all

Reject TIFF files from untrusted sources before ImageMagick processing

🧯 If You Can't Patch

  • Implement strict file type validation to reject TIFF files from untrusted sources.
  • Isolate ImageMagick processing to dedicated containers or sandboxes with limited privileges.

🔍 How to Verify

Check if Vulnerable:

Run 'convert --version' and check if version is below 7.1.1-14.

Check Version:

convert --version | head -1

Verify Fix Applied:

Confirm version is 7.1.1-14 or higher with 'convert --version'.
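
The version comparison described above, as an added shell example (not code from ImageMagick or the vendor advisory). The function names are assumptions; the fixed version 7.1.1-14 is taken from this page, and the banner lines in the comments are constructed samples. Fields are compared numerically, so 7.1.1-9 correctly sorts below 7.1.1-14.

```shell
#!/bin/sh
# Added example: classify an ImageMagick version banner against the fixed
# release stated on this page. Function names are hypothetical.

FIXED_VERSION="7.1.1-14"   # "Patch Version" from this page

# Extract MAJOR.MINOR.PATCH-REV from a banner line such as (constructed):
#   Version: ImageMagick 7.1.1-13 Q16-HDRI x86_64 21239 https://imagemagick.org
im_extract_version() {
    printf '%s\n' "$1" |
        sed -n 's/.*ImageMagick \([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*-[0-9][0-9]*\).*/\1/p' |
        head -n 1
}

# Exit 0 if version $1 is lower than version $2, 1 if not, 2 if malformed.
# Both arguments are expected in N.N.N-N form.
im_version_lt() {
    set -- $(printf '%s %s' "$1" "$2" | tr '.-' '  ')
    # $1..$4 are the fields of the first version, $5..$8 of the second.
    [ "$#" -eq 8 ] || return 2
    for pair in "$1:$5" "$2:$6" "$3:$7" "$4:$8"; do
        l=${pair%%:*}
        r=${pair##*:}
        if [ "$l" -lt "$r" ]; then return 0; fi
        if [ "$l" -gt "$r" ]; then return 1; fi
    done
    return 1   # versions are equal
}

# Print "vulnerable", "patched" or "unknown" for a banner line.
im_status() {
    v=$(im_extract_version "$1")
    if [ -z "$v" ]; then
        echo unknown
    elif im_version_lt "$v" "$FIXED_VERSION"; then
        echo vulnerable
    else
        echo patched
    fi
}

# Live check with the same command this page uses: sh check.sh --check
if [ "${1:-}" = "--check" ]; then
    im_status "$(convert --version | head -n 1)"
fi
```

Distribution packages can carry backported fixes under an older upstream version string, so a "vulnerable" result from a packaged build should be confirmed against the package changelog.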

📡 Detection & Monitoring

Log Indicators:

  • ImageMagick crash logs
  • Segmentation fault errors in system logs when processing TIFF files

Network Indicators:

  • Unusual TIFF file uploads to web applications

SIEM Query:

source="*imagemagick*" AND ("segmentation fault" OR "crash" OR "SIGSEGV")
