USN-6393-1: ImageMagick vulnerability

Publication date

21 September 2023

Overview

ImageMagick could be made to crash when processing the -help option.


Packages

  • imagemagick - Image manipulation programs and library

Details

It was discovered that ImageMagick did not properly handle memory when
processing the -help option. An attacker could potentially use this
issue to cause a crash.

It was discovered that ImageMagick did not properly handle memory when
processing the -help option. An attacker could potentially use this
issue to cause a crash.

Update instructions

In general, a standard system update will make all the necessary changes.

Learn more about how to get the fixes.

The problem can be corrected by updating your system to the following package versions:

Ubuntu Release Package Version
20.04 focal imagemagick –  8:6.9.10.23+dfsg-2.1ubuntu11.9+esm1  
imagemagick-6.q16 –  8:6.9.10.23+dfsg-2.1ubuntu11.9+esm1  
imagemagick-6.q16hdri –  8:6.9.10.23+dfsg-2.1ubuntu11.9+esm1  
18.04 bionic imagemagick –  8:6.9.7.4+dfsg-16ubuntu6.15+esm2  
imagemagick-6.q16 –  8:6.9.7.4+dfsg-16ubuntu6.15+esm2  
imagemagick-6.q16hdri –  8:6.9.7.4+dfsg-16ubuntu6.15+esm2  
16.04 xenial imagemagick –  8:6.8.9.9-7ubuntu5.16+esm9  
imagemagick-6.q16 –  8:6.8.9.9-7ubuntu5.16+esm9  
14.04 trusty imagemagick –  8:6.7.7.10-6ubuntu3.13+esm6  

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.


Have additional questions?

Talk to a member of the team ›