CVE-2025-65955: ImageMagick has a use-after-free/double-free risk in Options::fontFamily when clearing family
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-9 and 6.9.13-34, there is a vulnerability in ImageMagick’s Magick++ layer that manifests when Options::fontFamily is invoked with an empty string. Clearing a font family calls RelinquishMagickMemory on _drawInfo->font, freeing the font string but leaving _drawInfo->font pointing to freed memory while _drawInfo->family is set to that (now-invalid) pointer. Any later cleanup or reuse of _drawInfo->font re-frees or dereferences dangling memory. DestroyDrawInfo and other setters (Options::font, Image::font) assume _drawInfo->font remains valid, so destruction or subsequent updates trigger crashes or heap corruption. This vulnerability is fixed in 7.1.2-9 and 6.9.13-34.
Security readout for executives and security teams
Plain-English summary
ImageMagick versions before 7.1.2-9 and 6.9.13-34 can mishandle memory when Magick++ clears a font family. The documented impact is crash or heap corruption, with limited confidentiality, integrity, and availability impact. This is not listed as KEV, and the provided sources do not show active exploitation.
Executive priority
Treat as a moderate patching item. Accelerate remediation for production services that depend on ImageMagick Magick++ drawing or font handling, but the supplied evidence does not justify emergency response on its own.
Technical view
In Magick++, calling Options::fontFamily with an empty string can free _drawInfo->font while leaving stale pointers in _drawInfo->font and _drawInfo->family. Later destruction or font updates may dereference or free invalid memory, creating CWE-415/CWE-416 conditions. Fixed releases are 7.1.2-9 and 6.9.13-34.
Likely exposure
Exposure is most likely in applications or libraries using ImageMagick Magick++ font APIs, especially code paths that clear font family settings. The source bundle does not show this as a general image-file parsing flaw or confirm remote reachability.
Exploitation context
CVSS is 4.9 with local attack vector and high attack complexity. KEV is false. The supplied sources support crash or heap corruption risk, but do not provide evidence of public exploitation, weaponized exploit code, or broad remote attack paths.
Researcher notes
The key condition is Options::fontFamily invoked with an empty string, causing stale _drawInfo pointers and later cleanup or setter failures. Evidence is incomplete for distro backports, real-world reachability, and exploitation beyond crash or heap corruption.
Mitigation direction
Upgrade ImageMagick to 7.1.2-9, 6.9.13-34, or later.
Check vendor or distribution advisories for backported fixed packages.
Prioritize systems using Magick++ font or drawing APIs.
Redeploy containers and bundled applications carrying affected ImageMagick versions.
Monitor ImageMagick advisories for any revised exploitability guidance.
Validation and detection
Inventory ImageMagick versions across hosts, containers, and application bundles.
Confirm deployed versions are not below 7.1.2-9 or 6.9.13-34.
Review SBOMs and package lockfiles for embedded ImageMagick dependencies.
Check code for Magick++ fontFamily, font, or drawing option usage.
Run non-offensive regression tests around font setting and cleanup paths.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cwe · low confidence lookup
CWE-415: Exact CWE lookup
Use the exact CWE identifier as the starting point before reviewing related ATT&CK behavior. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.
Use the exact CWE identifier as the starting point before reviewing related ATT&CK behavior. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
We collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.
Use After Free represents a recurring weakness pattern that can create exploitable paths when design, validation, or implementation controls are missing.