Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 728
Alerts This Week
Warning Icon 1 728

Ubuntu 18.04 LTS: 5456-1 Critical: ImageMagick Crash Due To Malformed Files

ubuntu
Calendar Grey June 1, 2022
Dist Ubuntu Esm H88
Using ImageMagick on Ubuntu might lead to crashes when handling specifically constructed files. Make sure to update your system to prevent this issue.
ImageMagick could be made to crash if it opened a specially crafted file.

Summary

ImageMagick could be made to crash if it opened a specially crafted file.

Software Description:

- imagemagick: Image manipulation programs and library

Details:

It was discovered that ImageMagick incorrectly handled memory under

certain circumstances. If a user were tricked into opening a specially

crafted image, an attacker could possibly exploit this issue to cause a

denial of service or other unspecified impact.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
   imagemagick                     8:6.9.7.4+dfsg-16ubuntu6.13
   imagemagick-6-common            8:6.9.7.4+dfsg-16ubuntu6.13
   imagemagick-common              8:6.9.7.4+dfsg-16ubuntu6.13
   libmagick++-6.q16-7             8:6.9.7.4+dfsg-16ubuntu6.13
   libmagick++-6.q16hdri-7         8:6.9.7.4+dfsg-16ubuntu6.13
   libmagickcore-6.q16-3           8:6.9.7.4+dfsg-16ubuntu6.13
   libmagickcore-6.q16hdri-3       8:6.9.7.4+dfsg-16ubuntu6.13

Ubuntu 16.04 ESM:
   imagemagick                     8:6.8.9.9-7ubuntu5.16+esm3
   imagemagick-6.q16               8:6.8.9.9-7ubuntu5.16+esm3
   imagemagick-common              8:6.8.9.9-7ubuntu5.16+esm3
   libmagick++-6.q16-5v5           8:6.8.9.9-7ubuntu5.16+esm3
   libmagickcore-6.q16-2           8:6.8.9.9-7ubuntu5.16+esm3

Ubuntu 14.04 ESM:
   imagemagick                     8:6.7.7.10-6ubuntu3.13+esm2
   imagemagick-common              8:6.7.7.10-6ubuntu3.13+esm2
   libmagick++5                    8:6.7.7.10-6ubuntu3.13+esm2
   libmagickcore5                  8:6.7.7.10-6ubuntu3.13+esm2

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-5456-1

CVE-2022-28463

Severity
critical
Lowest
Low
Medium
High
Critical

June 01, 2022

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.