{
  "threat_severity" : "Moderate",
  "public_date" : "2025-12-30T16:14:24Z",
  "bugzilla" : {
    "description" : "ImageMagick: Denial of Service via malicious SVG file",
    "id" : "2426285",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2426285"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.3",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
    "status" : "draft"
  },
  "cwe" : "CWE-674",
  "details" : [ "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-12, using Magick to read a malicious SVG file resulted in a denial of service (DoS). Version 7.1.2-12 fixes the issue.", "A flaw was found in ImageMagick, free and open-source software used for editing and manipulating digital images. An attacker could exploit this vulnerability by providing a specially crafted malicious SVG (Scalable Vector Graphics) file. Processing this file would lead to a denial of service (DoS), making the software unavailable to legitimate users." ],
  "statement" : "This vulnerability is rated Moderate for Red Hat. A denial of service can occur in ImageMagick when processing a specially crafted malicious SVG file. This flaw can be exploited by an attacker providing a malicious SVG file, leading to the software becoming unavailable.",
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Out of support scope",
    "package_name" : "ImageMagick",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "ImageMagick",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2025-68618\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-68618\nhttps://github.com/ImageMagick/ImageMagick/commit/6f431d445f3ddd609c004a1dde617b0a73e60beb\nhttps://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-p27m-hp98-6637" ],
  "name" : "CVE-2025-68618",
  "mitigation" : {
    "value" : "To mitigate this issue, avoid processing untrusted SVG files with ImageMagick, for example by denying the SVG coders in ImageMagick's security policy (policy.xml) where SVG support is not required. If processing untrusted SVG content is unavoidable, consider implementing sandboxing mechanisms for applications that utilize ImageMagick to limit the potential impact of a denial of service.",
    "lang" : "en:us"
  },
  "csaw" : false
}