Skip to main content
CVE Vulnerability Database
Vulnerability Database/CVE-2025-68618

CVE-2025-68618: ImageMagick SVG File DoS Vulnerability

CVE-2025-68618 is a denial-of-service vulnerability in ImageMagick triggered by malicious SVG files. Attackers can exploit this flaw to disrupt service availability. This article covers technical details, affected versions, and mitigation.

Updated:

CVE-2025-68618 Overview

CVE-2025-68618 is a denial of service vulnerability in ImageMagick, a widely deployed open-source image processing library. The flaw resides in the Scalable Vector Graphics (SVG) parser, where deeply nested vector graphics elements trigger uncontrolled recursion [CWE-674]. An attacker can supply a malicious SVG file that exhausts process resources when ImageMagick reads it, crashing the host application. The issue affects ImageMagick versions prior to 7.1.2-12 and is remotely exploitable through any service that ingests user-supplied SVG content.

Critical Impact

A network-reachable attacker can crash ImageMagick-backed services with a single crafted SVG file, with no authentication or user interaction required.

Affected Products

  • ImageMagick versions prior to 7.1.2-12
  • Applications and web services that use ImageMagick to process untrusted SVG input
  • Linux distributions and container images bundling vulnerable ImageMagick releases

Discovery Timeline

  • 2025-12-30 - CVE-2025-68618 published to the National Vulnerability Database (NVD)
  • 2026-01-06 - CVE record last modified in NVD

Technical Details for CVE-2025-68618

Vulnerability Analysis

The vulnerability is an uncontrolled recursion flaw in the ImageMagick SVG coder. When the parser encounters nested SVG group or container elements, it increments an internal depth counter (svg_info->n) and recursively allocates additional scale memory through ResizeQuantumMemory. Prior to version 7.1.2-12, the parser did not validate that the nesting depth remained within sane bounds. A crafted SVG containing thousands of nested elements forces unbounded stack recursion and memory growth, resulting in process termination or resource exhaustion. The defect is classified under [CWE-674] (Uncontrolled Recursion) and impacts availability without exposing confidentiality or integrity.

Root Cause

The coders/svg.c SVG element start handler incremented the recursion depth counter without comparing it against MagickMaxRecursionDepth. Subsequent memory resize and recursive descent operations proceeded unconditionally. A related missing depth check existed in coders/msl.c, the Magick Scripting Language coder, which shares parsing patterns with the SVG handler.

Attack Vector

Exploitation requires only that a vulnerable ImageMagick installation read attacker-controlled SVG content. Common entry points include image upload endpoints, avatar processors, thumbnail generators, document conversion pipelines, and CMS plugins. No authentication, privileges, or user interaction are required. The attack is remote and pre-authentication wherever the application accepts unauthenticated uploads.

c
// Patch in coders/svg.c — adds recursion depth check
    name);
  parser=(xmlParserCtxtPtr) context;
  svg_info=(SVGInfo *) parser->_private;
-  svg_info->n++;
+  if (svg_info->n++ > MagickMaxRecursionDepth)
+    {
+      (void) ThrowMagickException(svg_info->exception,GetMagickModule(),
+        DrawError,"VectorGraphicsNestedTooDeeply","`%s'",name);
+      xmlStopParser((xmlParserCtxtPtr) context);
+      return;
+    }
  svg_info->scale=(double *) ResizeQuantumMemory(svg_info->scale,(size_t)
    svg_info->n+1,sizeof(*svg_info->scale));
  if (svg_info->scale == (double *) NULL)
// Source: https://github.com/ImageMagick/ImageMagick/commit/6f431d445f3ddd609c004a1dde617b0a73e60beb

The fix aborts parsing with xmlStopParser and raises a VectorGraphicsNestedTooDeeply error once depth exceeds MagickMaxRecursionDepth, preventing further recursion and memory allocation.

Detection Methods for CVE-2025-68618

Indicators of Compromise

  • Repeated ImageMagick worker crashes or SIGSEGV events correlated with SVG processing
  • Application log entries containing VectorGraphicsNestedTooDeeply after patching
  • Sudden spikes in memory or CPU usage in image conversion services following SVG uploads
  • Inbound .svg files containing thousands of nested <g>, <svg>, or container elements

Detection Strategies

  • Inspect uploaded SVG files for abnormal nesting depth before passing them to ImageMagick
  • Monitor process exit codes and out-of-memory kills on hosts running ImageMagick conversion workers
  • Alert on web application logs that show ImageMagick errors clustered around a single client IP or session
  • Correlate file upload telemetry with image processing failures to identify probing activity

Monitoring Recommendations

  • Track ImageMagick version inventory across servers, containers, and developer images
  • Capture stderr and exception output from image processing pipelines into centralized logging
  • Set resource limits on conversion workers and alert when limits are repeatedly hit
  • Review web access logs for uploads of unusually large or deeply structured SVG payloads

How to Mitigate CVE-2025-68618

Immediate Actions Required

  • Upgrade ImageMagick to version 7.1.2-12 or later on all systems and container images
  • Rebuild and redeploy any application bundling ImageMagick as a static or vendored dependency
  • Restrict or disable SVG processing at the application layer until patching is complete
  • Apply resource limits (memory, CPU, process count) to ImageMagick worker processes

Patch Information

The upstream fix is delivered in ImageMagick 7.1.2-12 via commit 6f431d445f3ddd609c004a1dde617b0a73e60beb. The patch adds a MagickMaxRecursionDepth check in the SVG coder and a related depth field in the MSL coder. Refer to the ImageMagick Security Advisory GHSA-p27m-hp98-6637 and the upstream commit for full details.

Workarounds

  • Disable the SVG coder in ImageMagick policy.xml if SVG support is not required
  • Validate SVG input with a hardened parser to enforce maximum element nesting depth
  • Run ImageMagick in a sandboxed process with strict memory and CPU cgroups
  • Reject SVG files above a conservative size threshold at the web application gateway
bash
# /etc/ImageMagick-7/policy.xml — disable the SVG coder
<policymap>
  <policy domain="coder" rights="none" pattern="SVG" />
  <policy domain="coder" rights="none" pattern="MSL" />
  <policy domain="resource" name="memory" value="256MiB"/>
  <policy domain="resource" name="map" value="512MiB"/>
</policymap>

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

Default Legacy - Prefooter | Experience the World’s Most Advanced Cybersecurity Platform

Experience the Most Advanced Cybersecurity Platform

See how the world’s most intelligent, autonomous cybersecurity platform can protect your organization today and into the future.