USN-7053-1: ImageMagick vulnerabilities
3 October 2024
Several security issues were fixed in ImageMagick.
Releases
Packages
- imagemagick - Image manipulation programs and library
Details
It was discovered that ImageMagick incorrectly handled certain malformed
image files. If a user or automated system using ImageMagick were tricked
into opening a specially crafted image, an attacker could exploit this to
cause a denial of service or potentially leak sensitive information.
These vulnerabilities included heap and stack-based buffer overflows,
memory leaks, and improper handling of uninitialized values.
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 14.04
-
imagemagick
-
8:6.7.7.10-6ubuntu3.13+esm10
Available with Ubuntu Pro
-
libmagick++-dev
-
8:6.7.7.10-6ubuntu3.13+esm10
Available with Ubuntu Pro
-
libmagick++5
-
8:6.7.7.10-6ubuntu3.13+esm10
Available with Ubuntu Pro
-
libmagickcore-dev
-
8:6.7.7.10-6ubuntu3.13+esm10
Available with Ubuntu Pro
-
libmagickcore5
-
8:6.7.7.10-6ubuntu3.13+esm10
Available with Ubuntu Pro
-
libmagickcore5-extra
-
8:6.7.7.10-6ubuntu3.13+esm10
Available with Ubuntu Pro
-
libmagickwand-dev
-
8:6.7.7.10-6ubuntu3.13+esm10
Available with Ubuntu Pro
-
libmagickwand5
-
8:6.7.7.10-6ubuntu3.13+esm10
Available with Ubuntu Pro
-
perlmagick
-
8:6.7.7.10-6ubuntu3.13+esm10
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References
- CVE-2019-16710
- CVE-2019-13297
- CVE-2019-13310
- CVE-2019-13305
- CVE-2019-15140
- CVE-2019-13301
- CVE-2019-13307
- CVE-2019-13304
- CVE-2019-15141
- CVE-2019-15139
- CVE-2019-16708
- CVE-2019-16712
- CVE-2019-16709
- CVE-2019-19949
- CVE-2019-13295
- CVE-2019-16711
- CVE-2019-19948
- CVE-2019-13300
- CVE-2019-13135
- CVE-2019-13311
- CVE-2019-13454
- CVE-2019-13309
- CVE-2019-16713
- CVE-2019-7175
- CVE-2019-13306