Fluid Attacks Database

Description

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-12, in the WriteSVGImage function, using an int variable to store number_attributes caused an integer overflow. This, in turn, triggered a buffer overflow and caused a DoS attack. Version 7.1.2-12 fixes the issue.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	imagemagick	=8:6.9.11.60+dfsg-1.3 \|\| =8:6.9.11.60+dfsg-1.3+deb11u1 \|\| =8:6.9.11.60+dfsg-1.3+deb11u2 \|\| =8:6.9.11.60+dfsg-1.3+deb11u3 \|\| =8:6.9.11.60+dfsg-1.3+deb11u4 \|\| =8:6.9.11.60+dfsg-1.3+deb11u5 \|\| =8:6.9.11.60+dfsg-1.3+deb11u6 \|\| =8:6.9.11.60+dfsg-1.3+deb11u7 \|\| >=0 <8:6.9.11.60+dfsg-1.3+deb11u8	8:6.9.11.60+dfsg-1.3+deb11u8
debian 14	imagemagick	=8:7.1.1.43+dfsg1-1 \|\| =8:7.1.1.46+dfsg1-1 \|\| =8:7.1.1.47+dfsg1-1 \|\| =8:7.1.1.47+dfsg1-2 \|\| =8:7.1.2.1+dfsg1-1 \|\| =8:7.1.2.3+dfsg1-1 \|\| =8:7.1.2.7+dfsg1-1 \|\| =8:7.1.2.8+dfsg1-1 \|\| >=0 <8:7.1.2.12+dfsg1-1	8:7.1.2.12+dfsg1-1
debian 13	imagemagick	=8:7.1.1.43+dfsg1-1 \|\| =8:7.1.1.43+dfsg1-1+deb13u1 \|\| =8:7.1.1.43+dfsg1-1+deb13u2 \|\| =8:7.1.1.43+dfsg1-1+deb13u3 \|\| >=0 <8:7.1.1.43+dfsg1-1+deb13u4	8:7.1.1.43+dfsg1-1+deb13u4
debian 12	imagemagick	=8:6.9.11.60+dfsg-1.6 \|\| =8:6.9.11.60+dfsg-1.6+deb12u1 \|\| =8:6.9.11.60+dfsg-1.6+deb12u2 \|\| =8:6.9.11.60+dfsg-1.6+deb12u3 \|\| =8:6.9.11.60+dfsg-1.6+deb12u4 \|\| >=0 <8:6.9.11.60+dfsg-1.6+deb12u5	8:6.9.11.60+dfsg-1.6+deb12u5
rpm rhel6	ImageMagick	-	-
rpm rhel7	ImageMagick	-	-

Aliases

1. CVE-2025-692042. NVD-2025-692043. OSV-DEBIAN-2025-692044. OSV-2025-692045. SECURITY-TRACKER-CVE-2025-69204

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.