Skip to content

Commit 467d499

Browse files
advisory-database[bot]advisory-database[bot]
committed
1 parent dd92ebb commit 467d499

File tree

1 file changed

+369
-0
lines changed

1 file changed

+369
-0
lines changed

advisories/github-reviewed/2025/12/GHSA-p27m-hp98-6637/GHSA-p27m-hp98-6637.json

Lines changed: 369 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,369 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-p27m-hp98-6637",
4+
"modified": "2025-12-30T22:54:33Z",
5+
"published": "2025-12-30T22:54:32Z",
6+
"aliases": [
7+
"CVE-2025-68618"
8+
],
9+
"summary": "ImageMagick's failure to limit the depth of SVG file reads caused a DoS attack",
10+
"details": "### Summary\n\nUsing Magick to read a malicious SVG file resulted in a DoS attack.\n\n### Details\n\nbt obtained using gdb:\n\n```\n#4 0x0000555555794c9c in ResizeMagickMemory (memory=0x7fffee203800, size=391344) at MagickCore/memory.c:1443\n#5 0x0000555555794e5a in ResizeQuantumMemory (memory=0x7fffee203800, count=48918, quantum=8) \nat MagickCore/memory.c:1508\n#6 0x0000555555acc8ed in SVGStartElement (context=0x517000000080, name=0x5190000055e3 \"g\", attributes=0x0) \nat coders/svg.c:1254\n#7 0x00007ffff6799b1c in xmlParseStartTag () at /lib/x86_64-linux-gnu/libxml2.so.2\n#8 0x00007ffff68c7bb8 in () at /lib/x86_64-linux-gnu/libxml2.so.2\n#9 0x00007ffff67a03f1 in xmlParseChunk () at /lib/x86_64-linux-gnu/libxml2.so.2\n```\n\nThis is related to the SVGStartElement and ResizeQuantumMemory functions.\n\n### PoC\n\n1. Generate an SVG file\n\n2. Read this file using Magick:\n\n```\n./magick /data/ylwang/Tools/LargeScan/targets/ImageMagick/test++/1.svg null\n```\n\n3. Causes a DoS Attack\n\nMy server has a large amount of memory, causing a stack overflow to take a long time. I'll use the Windows release version as an example:\n\n``` \nPS C:\\Program Files\\ImageMagick-7.1.2-Q8> .\\magick.exe -ping 1.svg null:\nPS C:\\Program Files\\ImageMagick-7.1.2-Q8> echo $LASTEXITCODE\n-1073741571\n```\n\nThe error code -1073741571 indicates a crash due to a stack overflow.\n\n### Impact\n\nThis is a DoS vulnerability and all applications using Magick to parse SVG files are affected.",
11+
"severity": [
12+
{
13+
"type": "CVSS_V3",
14+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
15+
}
16+
],
17+
"affected": [
18+
{
19+
"package": {
20+
"ecosystem": "NuGet",
21+
"name": "Magick.NET-Q16-AnyCPU"
22+
},
23+
"ranges": [
24+
{
25+
"type": "ECOSYSTEM",
26+
"events": [
27+
{
28+
"introduced": "0"
29+
},
30+
{
31+
"fixed": "14.10.1"
32+
}
33+
]
34+
}
35+
]
36+
},
37+
{
38+
"package": {
39+
"ecosystem": "NuGet",
40+
"name": "Magick.NET-Q16-HDRI-AnyCPU"
41+
},
42+
"ranges": [
43+
{
44+
"type": "ECOSYSTEM",
45+
"events": [
46+
{
47+
"introduced": "0"
48+
},
49+
{
50+
"fixed": "14.10.1"
51+
}
52+
]
53+
}
54+
]
55+
},
56+
{
57+
"package": {
58+
"ecosystem": "NuGet",
59+
"name": "Magick.NET-Q16-HDRI-x86"
60+
},
61+
"ranges": [
62+
{
63+
"type": "ECOSYSTEM",
64+
"events": [
65+
{
66+
"introduced": "0"
67+
},
68+
{
69+
"fixed": "14.10.1"
70+
}
71+
]
72+
}
73+
]
74+
},
75+
{
76+
"package": {
77+
"ecosystem": "NuGet",
78+
"name": "Magick.NET-Q16-x86"
79+
},
80+
"ranges": [
81+
{
82+
"type": "ECOSYSTEM",
83+
"events": [
84+
{
85+
"introduced": "0"
86+
},
87+
{
88+
"fixed": "14.10.1"
89+
}
90+
]
91+
}
92+
]
93+
},
94+
{
95+
"package": {
96+
"ecosystem": "NuGet",
97+
"name": "Magick.NET-Q8-AnyCPU"
98+
},
99+
"ranges": [
100+
{
101+
"type": "ECOSYSTEM",
102+
"events": [
103+
{
104+
"introduced": "0"
105+
},
106+
{
107+
"fixed": "14.10.1"
108+
}
109+
]
110+
}
111+
]
112+
},
113+
{
114+
"package": {
115+
"ecosystem": "NuGet",
116+
"name": "Magick.NET-Q8-x86"
117+
},
118+
"ranges": [
119+
{
120+
"type": "ECOSYSTEM",
121+
"events": [
122+
{
123+
"introduced": "0"
124+
},
125+
{
126+
"fixed": "14.10.1"
127+
}
128+
]
129+
}
130+
]
131+
},
132+
{
133+
"package": {
134+
"ecosystem": "NuGet",
135+
"name": "Magick.NET-Q8-arm64"
136+
},
137+
"ranges": [
138+
{
139+
"type": "ECOSYSTEM",
140+
"events": [
141+
{
142+
"introduced": "0"
143+
},
144+
{
145+
"fixed": "14.10.1"
146+
}
147+
]
148+
}
149+
]
150+
},
151+
{
152+
"package": {
153+
"ecosystem": "NuGet",
154+
"name": "Magick.NET-Q8-OpenMP-x64"
155+
},
156+
"ranges": [
157+
{
158+
"type": "ECOSYSTEM",
159+
"events": [
160+
{
161+
"introduced": "0"
162+
},
163+
{
164+
"fixed": "14.10.1"
165+
}
166+
]
167+
}
168+
]
169+
},
170+
{
171+
"package": {
172+
"ecosystem": "NuGet",
173+
"name": "Magick.NET-Q8-OpenMP-arm64"
174+
},
175+
"ranges": [
176+
{
177+
"type": "ECOSYSTEM",
178+
"events": [
179+
{
180+
"introduced": "0"
181+
},
182+
{
183+
"fixed": "14.10.1"
184+
}
185+
]
186+
}
187+
]
188+
},
189+
{
190+
"package": {
191+
"ecosystem": "NuGet",
192+
"name": "Magick.NET-Q16-x64"
193+
},
194+
"ranges": [
195+
{
196+
"type": "ECOSYSTEM",
197+
"events": [
198+
{
199+
"introduced": "0"
200+
},
201+
{
202+
"fixed": "14.10.1"
203+
}
204+
]
205+
}
206+
]
207+
},
208+
{
209+
"package": {
210+
"ecosystem": "NuGet",
211+
"name": "Magick.NET-Q16-arm64"
212+
},
213+
"ranges": [
214+
{
215+
"type": "ECOSYSTEM",
216+
"events": [
217+
{
218+
"introduced": "0"
219+
},
220+
{
221+
"fixed": "14.10.1"
222+
}
223+
]
224+
}
225+
]
226+
},
227+
{
228+
"package": {
229+
"ecosystem": "NuGet",
230+
"name": "Magick.NET-Q16-OpenMP-x64"
231+
},
232+
"ranges": [
233+
{
234+
"type": "ECOSYSTEM",
235+
"events": [
236+
{
237+
"introduced": "0"
238+
},
239+
{
240+
"fixed": "14.10.1"
241+
}
242+
]
243+
}
244+
]
245+
},
246+
{
247+
"package": {
248+
"ecosystem": "NuGet",
249+
"name": "Magick.NET-Q16-OpenMP-arm64"
250+
},
251+
"ranges": [
252+
{
253+
"type": "ECOSYSTEM",
254+
"events": [
255+
{
256+
"introduced": "0"
257+
},
258+
{
259+
"fixed": "14.10.1"
260+
}
261+
]
262+
}
263+
]
264+
},
265+
{
266+
"package": {
267+
"ecosystem": "NuGet",
268+
"name": "Magick.NET-Q16-HDRI-x64"
269+
},
270+
"ranges": [
271+
{
272+
"type": "ECOSYSTEM",
273+
"events": [
274+
{
275+
"introduced": "0"
276+
},
277+
{
278+
"fixed": "14.10.1"
279+
}
280+
]
281+
}
282+
]
283+
},
284+
{
285+
"package": {
286+
"ecosystem": "NuGet",
287+
"name": "Magick.NET-Q16-HDRI-arm64"
288+
},
289+
"ranges": [
290+
{
291+
"type": "ECOSYSTEM",
292+
"events": [
293+
{
294+
"introduced": "0"
295+
},
296+
{
297+
"fixed": "14.10.1"
298+
}
299+
]
300+
}
301+
]
302+
},
303+
{
304+
"package": {
305+
"ecosystem": "NuGet",
306+
"name": "Magick.NET-Q16-HDRI-OpenMP-x64"
307+
},
308+
"ranges": [
309+
{
310+
"type": "ECOSYSTEM",
311+
"events": [
312+
{
313+
"introduced": "0"
314+
},
315+
{
316+
"fixed": "14.10.1"
317+
}
318+
]
319+
}
320+
]
321+
},
322+
{
323+
"package": {
324+
"ecosystem": "NuGet",
325+
"name": "Magick.NET-Q16-HDRI-OpenMP-arm64"
326+
},
327+
"ranges": [
328+
{
329+
"type": "ECOSYSTEM",
330+
"events": [
331+
{
332+
"introduced": "0"
333+
},
334+
{
335+
"fixed": "14.10.1"
336+
}
337+
]
338+
}
339+
]
340+
}
341+
],
342+
"references": [
343+
{
344+
"type": "WEB",
345+
"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-p27m-hp98-6637"
346+
},
347+
{
348+
"type": "ADVISORY",
349+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68618"
350+
},
351+
{
352+
"type": "WEB",
353+
"url": "https://github.com/ImageMagick/ImageMagick/commit/6f431d445f3ddd609c004a1dde617b0a73e60beb"
354+
},
355+
{
356+
"type": "PACKAGE",
357+
"url": "https://github.com/ImageMagick/ImageMagick"
358+
}
359+
],
360+
"database_specific": {
361+
"cwe_ids": [
362+
"CWE-674"
363+
],
364+
"severity": "MODERATE",
365+
"github_reviewed": true,
366+
"github_reviewed_at": "2025-12-30T22:54:32Z",
367+
"nvd_published_at": "2025-12-30T17:15:43Z"
368+
}
369+
}

0 commit comments

Comments
 (0)