
A security update has been released for ImageMagick, a popular image processing suite, in Debian GNU/Linux 11 (Bullseye) LTS. The update fixes multiple vulnerabilities found in ImageMagick, including memory-management issues, integer overflows, and crashes when processing crafted TIFF or MVG files. The fixed version of ImageMagick is 8:6.9.11.60+dfsg-1.3+deb11u8, which addresses six CVEs, from CVE-2025-65955 to CVE-2025-69204.

[DLA 4429-1] imagemagick security update

-------------------------------------------------------------------------
Debian LTS Advisory DLA-4429-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                   Bastien Roucariès
December 31, 2025                            https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package : imagemagick
Version : 8:6.9.11.60+dfsg-1.3+deb11u8
CVE ID : CVE-2025-65955 CVE-2025-66628 CVE-2025-68469 CVE-2025-68618
         CVE-2025-68950 CVE-2025-69204
Debian Bug : 1122584 1122827

Multiple vulnerabilities were fixed in imagemagick, a popular image
processing suite.

CVE-2025-65955

A vulnerability was found in ImageMagick's Magick++ layer that
manifests when Options::fontFamily is invoked with an empty
string. Clearing a font family calls RelinquishMagickMemory on
_drawInfo->font, freeing the font string but leaving _drawInfo->font
pointing to freed memory while _drawInfo->family is set to that
(now-invalid) pointer. Any later cleanup or reuse of _drawInfo->font
re-frees or dereferences dangling memory. DestroyDrawInfo and other
setters (Options::font, Image::font) assume _drawInfo->font remains
valid, so destruction or subsequent updates trigger crashes or heap
corruption.

CVE-2025-66628

The TIM (PSX TIM) image parser contains a critical integer overflow
vulnerability in its ReadTIMImage function (coders/tim.c). The code
reads width and height (16-bit values) from the file header and
calculates image_size = 2 * width * height without checking for
overflow. On 32-bit systems (or where size_t is 32-bit), this
calculation can overflow if width and height are large (e.g., 65535),
wrapping around to a small value.
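The arithmetic described above, as an added example that is not ImageMagick's own code: the unchecked product from the advisory evaluated in an emulated 32-bit size type, beside a checked variant that widens to 64 bits and rejects any result that would not fit. The function names and the `size32_t` typedef are assumptions made for the illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Emulate a 32-bit size_t so the wrap-around is visible on 64-bit hosts
 * (assumed type, not from ImageMagick). */
typedef uint32_t size32_t;

/* Unchecked computation as the advisory describes it: 2 * width * height
 * carried out entirely in the 32-bit size type, so the product silently
 * wraps once it exceeds UINT32_MAX. */
size32_t tim_image_size_unchecked(uint16_t width, uint16_t height)
{
    return (size32_t)2 * width * height;
}

/* Hardened variant: do the multiplication in 64 bits, where two 16-bit
 * factors and the constant 2 cannot overflow, then refuse anything that
 * does not fit the 32-bit size type. Returns false when the size is
 * rejected, so the caller can abort decoding instead of allocating a
 * buffer that is far smaller than the pixel data it will receive. */
bool tim_image_size_checked(uint16_t width, uint16_t height, size32_t *out)
{
    uint64_t full = (uint64_t)2 * width * height;
    if (full > UINT32_MAX)
        return false;
    *out = (size32_t)full;
    return true;
}

int main(void)
{
    /* Constructed header values: 32769 x 65535 makes 2*w*h land just past
     * 2^32, so the unchecked result wraps to a tiny 65534 bytes. */
    uint16_t w = 32769, h = 65535;
    size32_t sz;
    printf("unchecked: %u\n", tim_image_size_unchecked(w, h));
    printf("checked:   %s\n",
           tim_image_size_checked(w, h, &sz) ? "accepted" : "rejected");
    return 0;
}
```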

CVE-2025-68469

ImageMagick crashes when processing a crafted TIFF file.

CVE-2025-68618

Magick's failure to limit the depth of SVG file reads allowed a
denial-of-service (DoS) attack.

CVE-2025-68950

Magick failed to limit MVG mutual references that form a loop.

CVE-2025-69204

Converting a malicious MVG file to SVG caused an integer overflow.

For Debian 11 bullseye, these problems have been fixed in version
8:6.9.11.60+dfsg-1.3+deb11u8.

We recommend that you upgrade your imagemagick packages.

For the detailed security status of imagemagick please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/imagemagick

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS