Improper resource allocation in ImageMagick

Description

ImageMagick's failure to limit mutual references between MVG files causes a stack overflow

Summary

Magick fails to check for circular references between two MVGs, leading to a stack overflow.
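
The kind of check the summary says is missing, as an added C example (not ImageMagick's code or its patch): a document already on the active render chain is rejected, and nesting depth is capped. The doc_set model, the MAX_DEPTH value and all function names are assumptions for illustration; no MVG syntax is parsed.

```c
#include <stdio.h>
#include <string.h>

#define MAX_DOCS  8
#define MAX_DEPTH 4   /* assumed nesting cap, not an ImageMagick value */

enum { RENDER_OK = 0, RENDER_CYCLE = -1, RENDER_TOO_DEEP = -2, RENDER_BAD_REF = -3 };

struct doc_set {
    int ref[MAX_DOCS];                   /* ref[i]: document that i pulls in, -1 = none */
    unsigned char in_progress[MAX_DOCS]; /* set while a document is on the call chain */
};

/* Render one document, following its reference with both guards applied. */
static int render_doc(struct doc_set *s, int idx, int depth)
{
    int status = RENDER_OK;

    if (idx < 0 || idx >= MAX_DOCS) return RENDER_BAD_REF;
    if (depth > MAX_DEPTH)          return RENDER_TOO_DEEP;
    if (s->in_progress[idx])        return RENDER_CYCLE; /* already being rendered */

    s->in_progress[idx] = 1;
    if (s->ref[idx] != -1)
        status = render_doc(s, s->ref[idx], depth + 1);
    s->in_progress[idx] = 0;        /* unwind so a later render starts clean */
    return status;
}

/* Constructed input: document i references i+1, the last one references
   `tail` (-1 for nothing). Renders document 0 and returns the status. */
int render_chain(int chain_len, int tail)
{
    struct doc_set s;
    int i;

    if (chain_len < 1 || chain_len > MAX_DOCS) return RENDER_BAD_REF;
    memset(&s, 0, sizeof s);
    for (i = 0; i < MAX_DOCS; i++) s.ref[i] = -1;
    for (i = 0; i + 1 < chain_len; i++) s.ref[i] = i + 1;
    s.ref[chain_len - 1] = tail;
    return render_doc(&s, 0, 0);
}

int main(void)
{
    printf("two documents referencing each other: %d\n", render_chain(2, 0));
    printf("six-document chain, no cycle: %d\n", render_chain(6, -1));
    return 0;
}
```

Without the in_progress check and the depth cap, the first call would recurse until the stack is exhausted, which is the crash shown under Details.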

Details

After reading mvg1 using Magick, the following is displayed:

./magick -limit memory 2GiB -limit map 2GiB -limit disk 0 mvg:L1.mvg out.png
AddressSanitizer:DEADLYSIGNAL
=================================================================
==3564123==ERROR: AddressSanitizer: UNKNOWN SIGNAL on unknown address 0x000000000000 (pc 0x5589549a4458 bp 0x7ffcc61f34a0 sp 0x7ffcc61efdd0 T0)
    #0 0x5589549a4458 in GetImagePixelCache MagickCore/cache.c:1726
    #1 0x5589549b02c1 in QueueAuthenticPixelCacheNexus MagickCore/cache.c:4261
    #2 0x5589549a2f24 in GetAuthenticPixelCacheNexus MagickCore/cache.c:1368
    #3 0x5589549bae98 in GetCacheViewAuthenticPixels MagickCore/cache-view.c:311...

Impact

This is a DoS vulnerability; any situation that allows reading an MVG file is affected.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.
