Headline
Ubuntu Security Notice USN-7068-1
Ubuntu Security Notice 7068-1 - It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into processing a specially crafted file, an attacker could exploit this to cause a denial of service or affect the reliability of the system. The vulnerabilities included memory leaks, buffer overflows, and improper handling of pixel data.
==========================================================================
Ubuntu Security Notice USN-7068-1
October 15, 2024

imagemagick vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in ImageMagick.

Software Description:
- imagemagick: Image manipulation programs and library

Details:

It was discovered that ImageMagick incorrectly handled certain
malformed image files. If a user or automated system using ImageMagick
were tricked into processing a specially crafted file, an attacker could
exploit this to cause a denial of service or affect the reliability of the
system. The vulnerabilities included memory leaks, buffer overflows, and
improper handling of pixel data.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS
  imagemagick-6.q16             8:6.8.9.9-7ubuntu5.16+esm11   Available with Ubuntu Pro
  libimage-magick-perl          8:6.8.9.9-7ubuntu5.16+esm11   Available with Ubuntu Pro
  libimage-magick-q16-perl      8:6.8.9.9-7ubuntu5.16+esm11   Available with Ubuntu Pro
  libmagick++-6.q16-5v5         8:6.8.9.9-7ubuntu5.16+esm11   Available with Ubuntu Pro
  libmagickcore-6-headers       8:6.8.9.9-7ubuntu5.16+esm11   Available with Ubuntu Pro
  libmagickcore-6.q16-2         8:6.8.9.9-7ubuntu5.16+esm11   Available with Ubuntu Pro
  libmagickcore-6.q16-2-extra   8:6.8.9.9-7ubuntu5.16+esm11   Available with Ubuntu Pro
  libmagickcore-6.q16-dev       8:6.8.9.9-7ubuntu5.16+esm11   Available with Ubuntu Pro
  libmagickwand-6.q16-2         8:6.8.9.9-7ubuntu5.16+esm11   Available with Ubuntu Pro

Ubuntu 14.04 LTS
  imagemagick                   8:6.7.7.10-6ubuntu3.13+esm11  Available with Ubuntu Pro
  libmagick++-dev               8:6.7.7.10-6ubuntu3.13+esm11  Available with Ubuntu Pro
  libmagick++5                  8:6.7.7.10-6ubuntu3.13+esm11  Available with Ubuntu Pro
  libmagickcore-dev             8:6.7.7.10-6ubuntu3.13+esm11  Available with Ubuntu Pro
  libmagickcore5                8:6.7.7.10-6ubuntu3.13+esm11  Available with Ubuntu Pro
  libmagickcore5-extra          8:6.7.7.10-6ubuntu3.13+esm11  Available with Ubuntu Pro
  libmagickwand-dev             8:6.7.7.10-6ubuntu3.13+esm11  Available with Ubuntu Pro
  libmagickwand5                8:6.7.7.10-6ubuntu3.13+esm11  Available with Ubuntu Pro
  perlmagick                    8:6.7.7.10-6ubuntu3.13+esm11  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7068-1
  CVE-2019-7397, CVE-2019-7398, CVE-2019-9956, CVE-2020-19667,
  CVE-2020-25664, CVE-2020-25665, CVE-2020-25666, CVE-2020-25674,
  CVE-2020-25676, CVE-2020-27560, CVE-2020-27750, CVE-2020-27753,
  CVE-2020-27754, CVE-2020-27755, CVE-2020-27758, CVE-2020-27759,
  CVE-2020-27760, CVE-2020-27761, CVE-2020-27762, CVE-2020-27763,
  CVE-2020-27764, CVE-2020-27765, CVE-2020-27766, CVE-2020-27767,
  CVE-2020-27768, CVE-2020-27769, CVE-2020-27770, CVE-2020-27771,
  CVE-2020-27772, CVE-2020-27773, CVE-2020-27774, CVE-2020-27775,
  CVE-2020-27776
Related news
In ImageMagick versions before 7.0.9-0, values outside the range of representable values of type 'float' can occur in MagickCore/quantize.c.
In ImageMagick, values outside the range of representable values of type 'unsigned int' can occur in MagickCore/quantum-private.h. This flaw affects ImageMagick versions prior to 7.0.9-0.
A flaw was found in ImageMagick in MagickCore/gem-private.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned char` or division by zero. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.
A flaw was found in ImageMagick in coders/bmp.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned int`. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.
A flaw was found in ImageMagick in MagickCore/quantum.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type unsigned char. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.
A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of a too large shift for 64-bit type `ssize_t`. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.
A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type unsigned long. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.
A flaw was found in ImageMagick in MagickCore/quantum.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of types `float` and `unsigned char`. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.
Due to a missing check for 0 value of `replace_extent`, it is possible for offset `p` to overflow in SubstituteString(), causing potential impact to application availability. This could be triggered by a crafted input file that is processed by ImageMagick. This flaw affects ImageMagick versions prior to 7.0.8-68.
In RestoreMSCWarning() of /coders/pdf.c there are several areas where calls to GetPixelIndex() could result in values outside the range representable by the unsigned char type. The patch casts the return value of GetPixelIndex() to ssize_t type to avoid this bug. This undefined behavior could be triggered when ImageMagick processes a crafted PDF file. Red Hat Product Security marked this as Low severity because although it could potentially lead to an impact to application availability, no specific impact was demonstrated in this case. This flaw affects ImageMagick versions prior to 7.0.9-0.
A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned long`. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.8-69.
A flaw was found in ImageMagick in MagickCore/segment.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.
In /MagickCore/statistic.c, there are several areas in ApplyEvaluateOperator() where a size_t cast should have been a ssize_t cast, which causes out-of-range values under some circumstances when a crafted input file is processed by ImageMagick. Red Hat Product Security marked this as Low severity because although it could potentially lead to an impact to application availability, no specific impact was shown in this case. This flaw affects ImageMagick versions prior to 6.9.10-69.
A flaw was found in ImageMagick in MagickCore/resize.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.8-68.
ImageMagick 7.0.10-34 allows Division by Zero in OptimizeLayerFrames in MagickCore/layer.c, which may cause a denial of service.
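The entries above keep returning to three classes of undefined behavior: out-of-range conversions to a narrower type, division by zero, and oversized shifts. The following C sketch is an added example, not ImageMagick code or the upstream patches; it shows one guarded form for each class, and all function names and sample values are hypothetical.

```c
#include <limits.h>
#include <math.h>
#include <stdio.h>

/* Unsafe pattern (shown for contrast, never called here): converting a float
   that is NaN or outside 0..255 to unsigned char is undefined behaviour. */
unsigned char to_u8_unchecked(float v) { return (unsigned char)v; }

/* Hardened: reject NaN and clamp before the conversion. */
unsigned char to_u8_clamped(float v) {
    if (isnan(v) || v <= 0.0f) return 0;
    if (v >= 255.0f) return 255;
    return (unsigned char)(v + 0.5f);   /* round to nearest, result is 0..255 */
}

/* Hardened division: a divisor read from file data may be zero, and
   LONG_MIN / -1 overflows; both are undefined behaviour. */
long safe_div(long num, long den, long fallback) {
    if (den == 0 || (num == LONG_MIN && den == -1)) return fallback;
    return num / den;
}

/* Hardened left shift: a negative count, a count >= the type width, or a
   result that does not fit are all undefined for signed types. */
long long safe_shl(long long value, long long count) {
    const long long max_count = (long long)(sizeof(long long) * CHAR_BIT) - 1;
    if (value < 0 || count < 0 || count >= max_count) return 0;
    if (value > (LLONG_MAX >> count)) return LLONG_MAX;  /* saturate */
    return value << count;
}

int main(void) {
    /* Constructed sample values standing in for fields of a crafted file. */
    printf("%d %d %d\n", to_u8_clamped(-5.0f), to_u8_clamped(300.0f),
           to_u8_clamped(NAN));
    printf("%ld %lld\n", safe_div(10, 0, -1), safe_shl(1, 64));
    return 0;
}
```

Building image-parsing code with `-fsanitize=undefined` reports all three classes at run time, which is a practical way to find unguarded sites.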