ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.1-14, ImageMagick crashes when processing a crafted TIFF file. Version 7.1.1-14 fixes the issue.

The version of ImageMagick installed on the remote host is prior to 6.9.10.97-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3123 advisory.

    ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to     version 7.1.1-14, ImageMagick crashes when processing a crafted TIFF file. Version 7.1.1-14 fixes the     issue. (CVE-2025-68469)

    ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to     version 7.1.2-12, using Magick to read a malicious SVG file resulted in a DoS attack. Version 7.1.2-12     fixes the issue. (CVE-2025-68618)

    ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to     version 7.1.2-12, Magick fails to check for circular references between two MVGs, leading to a stack     overflow. This is a DoS vulnerability, and any situation that allows reading the mvg file will be     affected. Version 7.1.2-12 fixes the issue. (CVE-2025-68950)

    ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to     version 7.1.2-12, in the WriteSVGImage function, using an int variable to store number_attributes caused     an integer overflow. This, in turn, triggered a buffer overflow and caused a DoS attack. Version 7.1.2-12     fixes the issue. (CVE-2025-69204)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2026:0059-1 advisory.

    - CVE-2025-68469: crash due to heap buffer overflow when processing a specially crafted TIFF file     (bsc#1255391).

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0013-1 advisory.

    - CVE-2025-65955: possible use-after-free/double-free in `Options::fontFamily` when clearing a family can     lead to       crashes or memory corruption (bsc#1254435).
    - CVE-2025-66628: possible integer overflow in the TIM image parser's `ReadTIMImage` function can lead to     arbitrary       memory disclosure on 32-bit systems (bsc#1254820).
    - CVE-2025-68469: crash due to heap buffer overflow when processing a specially crafted TIFF file     (bsc#1255391).

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4429 advisory.

    - -------------------------------------------------------------------------     Debian LTS Advisory DLA-4429-1                debian-lts@lists.debian.org     https://www.debian.org/lts/security/                   Bastien Roucaris     December 31, 2025                             https://wiki.debian.org/LTS
    - -------------------------------------------------------------------------

    Package        : imagemagick     Version        : 8:6.9.11.60+dfsg-1.3+deb11u8     CVE ID         : CVE-2025-65955 CVE-2025-66628 CVE-2025-68469 CVE-2025-68618                      CVE-2025-68950 CVE-2025-69204     Debian Bug     : 1122584 1122827

    Multiple vulnerabilities were fixed in imagemagick a popular image     processing suite.

    CVE-2025-65955

         A vulnerability was found in ImageMagick??s Magick++ layer that         manifests when Options::fontFamily is invoked with an empty         string. Clearing a font family calls RelinquishMagickMemory on
        _drawInfo->font, freeing the font string but leaving _drawInfo->font         pointing to freed memory while _drawInfo->family is set to that         (now-invalid) pointer. Any later cleanup or reuse of _drawInfo->font         re-frees or dereferences dangling memory. DestroyDrawInfo and other         setters (Options::font, Image::font) assume _drawInfo->font remains         valid, so destruction or subsequent updates trigger crashes or heap         corruption

    CVE-2025-66628

        The TIM (PSX TIM) image parser contains a critical integer overflow         vulnerability in its ReadTIMImage function (coders/tim.c). The code         reads width and height (16-bit values) from the file header and         calculates image_size = 2 * width * height without checking for         overflow. On 32-bit systems (or where size_t is 32-bit), this         calculation can overflow if width and height are large (e.g., 65535),         wrapping around to a small value

    CVE-2025-68469

        ImageMagick crashes when processing a crafted TIFF file

    CVE-2025-68618

        Magick's failure to limit the depth of SVG file reads caused         a DoS attack.

    CVE-2025-68950

        Magick's failure to limit MVG mutual references forming a loop

    CVE-2025-69204

        Converting a malicious MVG file to SVG caused an integer overflow.

    For Debian 11 bullseye, these problems have been fixed in version     8:6.9.11.60+dfsg-1.3+deb11u8.

    We recommend that you upgrade your imagemagick packages.

    For the detailed security status of imagemagick please refer to     its security tracker page at:
    https://security-tracker.debian.org/tracker/imagemagick

    Further information about Debian LTS security advisories, how to apply     these updates to your system and frequently asked questions can be     found at: https://wiki.debian.org/LTS

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

  - ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to     version 7.1.1-14, ImageMagick crashes when processing a crafted TIFF file. Version 7.1.1-14 fixes the     issue. (CVE-2025-68469)

Note that Nessus relies on the presence of the package as reported by the vendor.

ID	Name	Product	Family	Severity
294893	Amazon Linux 2 : ImageMagick, --advisory ALAS2-2026-3123 (ALAS-2026-3123)	Nessus	Amazon Linux Local Security Checks	medium
282498	SUSE SLES12 Security Update : ImageMagick (SUSE-SU-2026:0059-1)	Nessus	SuSE Local Security Checks	medium
281834	SUSE SLED15 / SLES15 Security Update : ImageMagick (SUSE-SU-2026:0013-1)	Nessus	SuSE Local Security Checks	medium
281533	Debian dla-4429 : imagemagick - security update	Nessus	Debian Local Security Checks	medium
279365	Linux Distros Unpatched Vulnerability : CVE-2025-68469	Nessus	Misc.	medium

Detections

Analytics

CVE-2025-68469

medium

Tenable Plugins

medium

medium

medium

medium

medium