USN-5158-1: ImageMagick vulnerabilities
29 November 2021
Several security issues were fixed in ImageMagick.
Releases
Packages
- imagemagick - Image manipulation programs and library
Details
It was discovered that ImageMagick incorrectly handled certain values
when processing visual effects based image files. By tricking a user into
opening a specially crafted image file, an attacker could crash the
application causing a denial of service. (CVE-2021-20244)
It was discovered that ImageMagick incorrectly handled certain values
when performing resampling operations. By tricking a user into opening
a specially crafted image file, an attacker could crash the application
causing a denial of service. (CVE-2021-20246)
It was discovered that ImageMagick incorrectly handled certain values
when processing visual effects based image files. By tricking a user into
opening a specially crafted image file, an attacker could crash the
application causing a denial of service (CVE-2021-20309)
It was discovered that ImageMagick incorrectly handled certain values
when processing thumbnail image data. By tricking a user into opening
a specially crafted image file, an attacker could crash the application
causing a denial of service. (CVE-2021-20312)
It was discovered that ImageMagick incorrectly handled memory cleanup
when performing certain cryptographic operations. Under certain conditions
sensitive cryptographic information could be disclosed. (CVE-2021-20313)
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 18.04
Ubuntu 16.04
-
libmagick++-6.q16-5v5
-
8:6.8.9.9-7ubuntu5.16+esm1
Available with Ubuntu Pro
Ubuntu 14.04
-
libmagick++5
-
8:6.7.7.10-6ubuntu3.13+esm1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.