Headline
Ubuntu Security Notice USN-5456-1
Ubuntu Security Notice 5456-1 - It was discovered that ImageMagick incorrectly handled memory under certain circumstances. If a user were tricked into opening a specially crafted image, an attacker could possibly exploit this issue to cause a denial of service or other unspecified impact.
==========================================================================
Ubuntu Security Notice USN-5456-1
June 01, 2022
imagemagick vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS
- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM
Summary:
ImageMagick could be made to crash if it opened a specially crafted file.
Software Description:
- imagemagick: Image manipulation programs and library
Details:
It was discovered that ImageMagick incorrectly handled memory under
certain circumstances. If a user were tricked into opening a specially
crafted image, an attacker could possibly exploit this issue to cause a
denial of service or other unspecified impact.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.04 LTS:
imagemagick 8:6.9.7.4+dfsg-16ubuntu6.13
imagemagick-6-common 8:6.9.7.4+dfsg-16ubuntu6.13
imagemagick-common 8:6.9.7.4+dfsg-16ubuntu6.13
libmagick+±6.q16-7 8:6.9.7.4+dfsg-16ubuntu6.13
libmagick+±6.q16hdri-7 8:6.9.7.4+dfsg-16ubuntu6.13
libmagickcore-6.q16-3 8:6.9.7.4+dfsg-16ubuntu6.13
libmagickcore-6.q16hdri-3 8:6.9.7.4+dfsg-16ubuntu6.13
Ubuntu 16.04 ESM:
imagemagick 8:6.8.9.9-7ubuntu5.16+esm3
imagemagick-6.q16 8:6.8.9.9-7ubuntu5.16+esm3
imagemagick-common 8:6.8.9.9-7ubuntu5.16+esm3
libmagick+±6.q16-5v5 8:6.8.9.9-7ubuntu5.16+esm3
libmagickcore-6.q16-2 8:6.8.9.9-7ubuntu5.16+esm3
Ubuntu 14.04 ESM:
imagemagick 8:6.7.7.10-6ubuntu3.13+esm2
imagemagick-common 8:6.7.7.10-6ubuntu3.13+esm2
libmagick++5 8:6.7.7.10-6ubuntu3.13+esm2
libmagickcore5 8:6.7.7.10-6ubuntu3.13+esm2
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-5456-1
CVE-2022-28463
Package Information:
https://launchpad.net/ubuntu/+source/imagemagick/8:6.9.7.4+dfsg-16ubuntu6.13
Related news
Gentoo Linux Security Advisory 202405-2 - Multiple vulnerabilities have been discovered in ImageMagick, the worst of which can lead to remote code execution. Versions greater than or equal to 6.9.13.0 are affected.
Ubuntu Security Notice 6200-1 - It was discovered that ImageMagick incorrectly handled the "-authenticate" option for password-protected PDF files. An attacker could possibly use this issue to inject additional shell commands and perform arbitrary code execution. This issue only affected Ubuntu 20.04 LTS. It was discovered that ImageMagick incorrectly handled certain values when processing PDF files. If a user or automated system using ImageMagick were tricked into opening a specially crafted PDF file, an attacker could exploit this to cause a denial of service. This issue only affected Ubuntu 20.04 LTS.
Ubuntu Security Notice 5736-1 - It was discovered that ImageMagick incorrectly handled certain values when processing PDF files. If a user or automated system using ImageMagick were tricked into opening a specially crafted PDF file, an attacker could exploit this to cause a denial of service. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM and Ubuntu 18.04 LTS. Zhang Xiaohui discovered that ImageMagick incorrectly handled certain values when processing image data. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 22.10.
ImageMagick 7.1.0-27 is vulnerable to Buffer Overflow.