Alerts This Week
Warning Icon 1 1,154
Alerts This Week
Warning Icon 1 1,154

Ubuntu 24.10: USN-7433-1 critical: GraphicsMagick denial of service

ubuntu
Calendar Grey April 14, 2025
Dist Ubuntu Esm H88
Resolved memory handling vulnerabilities in GraphicsMagick for Ubuntu, tackling essential security risks.
Several security issues were fixed in GraphicsMagick.

Summary

Several security issues were fixed in GraphicsMagick.

Software Description:

- graphicsmagick: collection of image processing tools

Details:

It was discovered that GraphicsMagick did not properly limit image

dimensions, which could lead to excessive memory consumption. An attacker

could possibly use this issue to cause a denial of service.

(CVE-2025-27795)

It was discovered that GraphicsMagick did not properly handle certain

memory operations, which could lead to a out-of-bounds memory access. An

attacker could possibly use this issue to leak sensitive information.

This issue only affected Ubuntu 24.10. (CVE-2025-27796)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.10
   graphicsmagick                  1.4+really1.3.45-1ubuntu0.1

Ubuntu 24.04 LTS
   graphicsmagick 1.4+really1.3.42-1.1ubuntu0.1~esm1
                                   Available with Ubuntu Pro

Ubuntu 22.04 LTS
   graphicsmagick                  1.4+really1.3.38-1ubuntu0.1+esm1
                                   Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References

  https://ubuntu.com/security/notices/USN-7433-1

  CVE-2025-27795, CVE-2025-27796

Severity
critical
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-7433-1

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here