ImageMagick Denial-of-Service Vulnerability When Processing SVG Files

Vulnerability

A denial-of-service vulnerability has been identified in ImageMagick versions prior to 7.1.2-12. The issue arises when ImageMagick reads a malicious SVG file, leading to excessive memory consumption and a stack overflow. Applications that use ImageMagick to parse SVG files can crash as a result.

Impact

Exploitation of this vulnerability leads to a denial-of-service condition, causing applications to crash or become unresponsive.

Reproduction

The vulnerability can be reproduced by generating a malicious SVG file and then using ImageMagick to read this file. This can be done with the command './magick <path_to_svg_file> null', which will cause the application to consume a large amount of memory and eventually crash due to a stack overflow.

Remediation

Users can upgrade to ImageMagick version 7.1.2-12 or later to address this vulnerability.
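
To confirm whether a host is on a fixed release, the following added example (not part of the original advisory or of ImageMagick) classifies `magick -version` output against the 7.1.2-12 threshold. The function names and sample banners are assumptions constructed for illustration. The comparison is numeric, so 7.1.2-9 is correctly treated as older than 7.1.2-12.

```python
import re
import shutil
import subprocess

FIXED = (7, 1, 2, 12)  # first fixed release named in the advisory: 7.1.2-12

# Matches the "ImageMagick X.Y.Z-N" token in the first line of `-version` output.
_BANNER = re.compile(r"ImageMagick\s+(\d+)\.(\d+)\.(\d+)-(\d+)")

def parse_version(banner):
    """Return (major, minor, patch, release) as ints, or None if not found."""
    m = _BANNER.search(banner or "")
    return tuple(int(g) for g in m.groups()) if m else None

def assess(banner):
    """Classify a version banner as 'patched', 'vulnerable' or 'unknown'."""
    version = parse_version(banner)
    if version is None:
        return "unknown"  # unparsable output: flag for manual review
    # Tuple comparison is numeric per field; a string compare would wrongly
    # rank "7.1.2-9" above "7.1.2-12".
    return "patched" if version >= FIXED else "vulnerable"

def local_banner():
    """Return `magick -version` output from this host, or None if unavailable."""
    path = shutil.which("magick")
    if not path:
        return None
    try:
        proc = subprocess.run([path, "-version"], capture_output=True,
                              text=True, timeout=10)
    except (OSError, subprocess.TimeoutExpired):
        return None
    return proc.stdout

# Constructed sample banners (not captured from real hosts).
SAMPLES = [
    "Version: ImageMagick 7.1.2-9 Q16-HDRI x86_64 https://imagemagick.org",
    "Version: ImageMagick 7.1.2-12 Q16-HDRI x86_64 https://imagemagick.org",
    "Version: ImageMagick 7.1.3-0 Q16-HDRI aarch64 https://imagemagick.org",
    "magick: command output truncated",
]

if __name__ == "__main__":
    for banner in SAMPLES:
        print(f"{assess(banner):10s} {banner}")
    print("local host:", assess(local_banner()))
```

A result of `unknown` means the banner could not be parsed or the binary was not found on the PATH, and the host should be checked by hand.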

Added: Dec 30, 2025, 6:09 PM
Updated: Dec 30, 2025, 6:09 PM

Vulnerability Rating

Custom Algorithm

spread: 7.8
impact: 2.5
exploitability: 6.0
remediation: 7.7
relevance: 1.8
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.