Ubuntu Security Notice USN-7053-1
Ubuntu Security Notice 7053-1 - It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or potentially leak sensitive information. These vulnerabilities included heap and stack-based buffer overflows, memory leaks, and improper handling of uninitialized values.
==========================================================================
Ubuntu Security Notice USN-7053-1
October 03, 2024

imagemagick vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in ImageMagick.

Software Description:
- imagemagick: Image manipulation programs and library

Details:

It was discovered that ImageMagick incorrectly handled certain malformed
image files. If a user or automated system using ImageMagick were tricked
into opening a specially crafted image, an attacker could exploit this to
cause a denial of service or potentially leak sensitive information.
These vulnerabilities included heap and stack-based buffer overflows,
memory leaks, and improper handling of uninitialized values.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS
  imagemagick           8:6.7.7.10-6ubuntu3.13+esm10  Available with Ubuntu Pro
  libmagick++-dev       8:6.7.7.10-6ubuntu3.13+esm10  Available with Ubuntu Pro
  libmagick++5          8:6.7.7.10-6ubuntu3.13+esm10  Available with Ubuntu Pro
  libmagickcore-dev     8:6.7.7.10-6ubuntu3.13+esm10  Available with Ubuntu Pro
  libmagickcore5        8:6.7.7.10-6ubuntu3.13+esm10  Available with Ubuntu Pro
  libmagickcore5-extra  8:6.7.7.10-6ubuntu3.13+esm10  Available with Ubuntu Pro
  libmagickwand-dev     8:6.7.7.10-6ubuntu3.13+esm10  Available with Ubuntu Pro
  libmagickwand5        8:6.7.7.10-6ubuntu3.13+esm10  Available with Ubuntu Pro
  perlmagick            8:6.7.7.10-6ubuntu3.13+esm10  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7053-1
  CVE-2019-13135, CVE-2019-13295, CVE-2019-13297, CVE-2019-13300,
  CVE-2019-13301, CVE-2019-13304, CVE-2019-13305, CVE-2019-13306,
  CVE-2019-13307, CVE-2019-13309, CVE-2019-13310, CVE-2019-13311,
  CVE-2019-13454, CVE-2019-15139, CVE-2019-15140, CVE-2019-15141,
  CVE-2019-16708, CVE-2019-16709, CVE-2019-16710, CVE-2019-16711,
  CVE-2019-16712, CVE-2019-16713, CVE-2019-19948, CVE-2019-19949,
  CVE-2019-7175
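To confirm the update instructions above took effect across a fleet, the following added example (not part of the notice) checks collected package inventory against the fixed version using Debian version ordering, which a plain string comparison gets wrong (it would rank `+esm9` above `+esm10`). The function names and the sample inventory are constructed for illustration; only the package names and fixed version come from the notice.

```python
import re
from itertools import zip_longest

# Fixed version and package names as listed in the notice for Ubuntu 14.04 LTS.
FIXED = "8:6.7.7.10-6ubuntu3.13+esm10"
PACKAGES = {"imagemagick", "libmagick++-dev", "libmagick++5", "libmagickcore-dev",
            "libmagickcore5", "libmagickcore5-extra", "libmagickwand-dev",
            "libmagickwand5", "perlmagick"}

def _order(c):
    # dpkg sort weight: '~' sorts before end of string, letters before other symbols.
    if c == "~":
        return -1
    if c == "":
        return 0
    return ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    # Compare alternating non-digit / digit runs, following dpkg's ordering rules.
    runs = lambda s: re.findall(r"([^0-9]*)([0-9]*)", s)
    for (ta, na), (tb, nb) in zip_longest(runs(a), runs(b), fillvalue=("", "")):
        for ca, cb in zip_longest(ta, tb, fillvalue=""):
            if _order(ca) != _order(cb):
                return _order(ca) - _order(cb)
        if int(na or 0) != int(nb or 0):
            return int(na or 0) - int(nb or 0)
    return 0

def deb_cmp(a, b):
    """Negative if a < b, zero if equal, positive if a > b (Debian ordering)."""
    def split(v):
        epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
        upstream, _, rev = rest.rpartition("-") if "-" in rest else (rest, "", "")
        return int(epoch), upstream, rev
    (ea, ua, ra), (eb, ub, rb) = split(a), split(b)
    return (ea - eb) or _cmp_part(ua, ub) or _cmp_part(ra, rb)

def unpatched(inventory):
    """Return (package, version) pairs named in the notice that are below FIXED."""
    rows = (ln.split("\t", 1) for ln in inventory.splitlines() if "\t" in ln)
    return [(p, v) for p, v in rows if p in PACKAGES and deb_cmp(v, FIXED) < 0]

# Constructed sample of `dpkg-query -W -f='${Package}\t${Version}\n'` output.
SAMPLE = ("imagemagick\t8:6.7.7.10-6ubuntu3.13+esm10\n"
          "libmagickcore5\t8:6.7.7.10-6ubuntu3.13+esm9\n"
          "perlmagick\t8:6.7.7.10-6ubuntu3.13\n"
          "bash\t4.3-7ubuntu1.7\n")

if __name__ == "__main__":
    for pkg, ver in unpatched(SAMPLE):
        print(f"{pkg} {ver} is older than {FIXED}")
```

On a single host, `dpkg --compare-versions` gives the same ordering; the reimplementation here is for auditing inventory collected from many hosts on a machine without dpkg.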
Related news
In setIPv6AddrGenMode of NetworkManagementService.java, there is a possible bypass of networking permissions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-141920289.
In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer overflow in the function WriteSGIImage of coders/sgi.c.
In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WritePNGImage of coders/png.c, related to Magick_png_write_raw_profile and LocaleNCompare.
WriteTIFFImage in coders/tiff.c in ImageMagick 7.0.8-43 Q16 allows attackers to cause a denial-of-service (application crash resulting from a heap-based buffer over-read) via a crafted TIFF image file, related to TIFFRewriteDirectory, TIFFWriteDirectory, TIFFWriteDirectorySec, and TIFFWriteDirectoryTagColormap in tif_dirwrite.c of LibTIFF. NOTE: this occurs because of an incomplete fix for CVE-2019-11597.
ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of an error in MagickWand/mogrify.c.
ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of a wand/mogrify.c error.