Ubuntu alert USN-7756-1 (imagemagick)
| From: | noreply+usn-bot@canonical.com | |
| To: | ubuntu-security-announce@lists.ubuntu.com | |
| Subject: | [USN-7756-1] ImageMagick vulnerabilities | |
| Date: | Thu, 18 Sep 2025 18:05:47 +0000 | |
| Message-ID: | <E1uzJ0t-0002JL-B4@lists.ubuntu.com> |
========================================================================== Ubuntu Security Notice USN-7756-1 September 18, 2025 imagemagick vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS Summary: Several security issues were fixed in ImageMagick. Software Description: - imagemagick: Image manipulation programs and library Details: It was discovered that ImageMagick did not properly handle memory when performing magnified size calculations. An attacker could possibly use this issue to cause ImageMagick to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2025-55154) Woojin Park, Hojun Lee, Youngin Won, and Siyeon Han discovered that ImageMagick incorrectly handled creating thumbnail images for certain dimensions. An attacker could possibly use this issue to cause ImageMagick to crash, resulting in a denial of service. This issue only affected Ubuntu 24.04 LTS. (CVE-2025-55212) Lumina Mescuwa discovered that ImageMagick did not properly handle cloning splay trees in the MagickCore library. An attacker could possibly use this issue to cause sanitized builds of ImageMagick to crash, resulting in a denial of service. (CVE-2025-55160) Lumina Mescuwa discovered that ImageMagick did not properly handle memory. An attacker could possibly use this issue to cause ImageMagick to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2025-57807) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 24.04 LTS imagemagick-6.q16 8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm2 Available with Ubuntu Pro imagemagick-6.q16hdri 8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm2 Available with Ubuntu Pro libmagick++-6.q16-9t64 8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm2 Available with Ubuntu Pro libmagick++-6.q16hdri-9t64 8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm2 Available with Ubuntu Pro libmagickcore-6.q16-7-extra 8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm2 Available with Ubuntu Pro libmagickcore-6.q16-7t64 8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm2 Available with Ubuntu Pro libmagickcore-6.q16hdri-7-extra 8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm2 Available with Ubuntu Pro libmagickcore-6.q16hdri-7t64 8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm2 Available with Ubuntu Pro libmagickwand-6.q16-7t64 8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm2 Available with Ubuntu Pro libmagickwand-6.q16hdri-7t64 8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm2 Available with Ubuntu Pro Ubuntu 22.04 LTS imagemagick-6.q16 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5+esm3 Available with Ubuntu Pro imagemagick-6.q16hdri 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5+esm3 Available with Ubuntu Pro libmagick++-6.q16-8 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5+esm3 Available with Ubuntu Pro libmagick++-6.q16hdri-8 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5+esm3 Available with Ubuntu Pro libmagickcore-6.q16-6 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5+esm3 Available with Ubuntu Pro libmagickcore-6.q16-6-extra 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5+esm3 Available with Ubuntu Pro libmagickcore-6.q16hdri-6 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5+esm3 Available with Ubuntu Pro libmagickcore-6.q16hdri-6-extra 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5+esm3 Available with Ubuntu Pro libmagickwand-6.q16-6 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5+esm3 Available with Ubuntu Pro libmagickwand-6.q16hdri-6 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5+esm3 Available with Ubuntu Pro Ubuntu 20.04 LTS imagemagick-6.q16 8:6.9.10.23+dfsg-2.1ubuntu11.11+esm3 Available with Ubuntu Pro imagemagick-6.q16hdri 8:6.9.10.23+dfsg-2.1ubuntu11.11+esm3 Available with Ubuntu Pro libmagick++-6.q16-8 8:6.9.10.23+dfsg-2.1ubuntu11.11+esm3 Available with Ubuntu Pro libmagick++-6.q16hdri-8 8:6.9.10.23+dfsg-2.1ubuntu11.11+esm3 Available with Ubuntu Pro libmagickcore-6.q16-6 8:6.9.10.23+dfsg-2.1ubuntu11.11+esm3 Available with Ubuntu Pro libmagickcore-6.q16-6-extra 8:6.9.10.23+dfsg-2.1ubuntu11.11+esm3 Available with Ubuntu Pro libmagickcore-6.q16hdri-6 8:6.9.10.23+dfsg-2.1ubuntu11.11+esm3 Available with Ubuntu Pro libmagickcore-6.q16hdri-6-extra 8:6.9.10.23+dfsg-2.1ubuntu11.11+esm3 Available with Ubuntu Pro libmagickwand-6.q16-6 8:6.9.10.23+dfsg-2.1ubuntu11.11+esm3 Available with Ubuntu Pro libmagickwand-6.q16hdri-6 8:6.9.10.23+dfsg-2.1ubuntu11.11+esm3 Available with Ubuntu Pro Ubuntu 18.04 LTS imagemagick-6.q16 8:6.9.7.4+dfsg-16ubuntu6.15+esm5 Available with Ubuntu Pro imagemagick-6.q16hdri 8:6.9.7.4+dfsg-16ubuntu6.15+esm5 Available with Ubuntu Pro libmagick++-6.q16-7 8:6.9.7.4+dfsg-16ubuntu6.15+esm5 Available with Ubuntu Pro libmagick++-6.q16hdri-7 8:6.9.7.4+dfsg-16ubuntu6.15+esm5 Available with Ubuntu Pro libmagickcore-6.q16-3 8:6.9.7.4+dfsg-16ubuntu6.15+esm5 Available with Ubuntu Pro libmagickcore-6.q16-3-extra 8:6.9.7.4+dfsg-16ubuntu6.15+esm5 Available with Ubuntu Pro libmagickcore-6.q16hdri-3 8:6.9.7.4+dfsg-16ubuntu6.15+esm5 Available with Ubuntu Pro libmagickcore-6.q16hdri-3-extra 8:6.9.7.4+dfsg-16ubuntu6.15+esm5 Available with Ubuntu Pro libmagickwand-6.q16-3 8:6.9.7.4+dfsg-16ubuntu6.15+esm5 Available with Ubuntu Pro libmagickwand-6.q16hdri-3 8:6.9.7.4+dfsg-16ubuntu6.15+esm5 Available with Ubuntu Pro Ubuntu 16.04 LTS imagemagick-6.q16 8:6.8.9.9-7ubuntu5.16+esm13 Available with Ubuntu Pro libmagick++-6.q16-5v5 8:6.8.9.9-7ubuntu5.16+esm13 Available with Ubuntu Pro libmagickcore-6.q16-2 8:6.8.9.9-7ubuntu5.16+esm13 Available with Ubuntu Pro libmagickcore-6.q16-2-extra 8:6.8.9.9-7ubuntu5.16+esm13 Available with Ubuntu Pro libmagickwand-6.q16-2 8:6.8.9.9-7ubuntu5.16+esm13 Available with Ubuntu Pro Ubuntu 14.04 LTS imagemagick 8:6.7.7.10-6ubuntu3.13+esm14 Available with Ubuntu Pro imagemagick-common 8:6.7.7.10-6ubuntu3.13+esm14 Available with Ubuntu Pro libmagick++5 8:6.7.7.10-6ubuntu3.13+esm14 Available with Ubuntu Pro libmagickcore5 8:6.7.7.10-6ubuntu3.13+esm14 Available with Ubuntu Pro libmagickcore5-extra 8:6.7.7.10-6ubuntu3.13+esm14 Available with Ubuntu Pro libmagickwand5 8:6.7.7.10-6ubuntu3.13+esm14 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-7756-1 CVE-2025-55154, CVE-2025-55160, CVE-2025-55212, CVE-2025-57807
Attachment: signature.asc (type=application/pgp-signature)
-----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEE+8neBLO2Hp/ppPlOcpJm3tlzhgEFAmjMSXIACgkQcpJm3tlz hgFnzQ/+L7zOipg5g8Upyl9o+BpkxXG1AeMbZAnkTYkP3ub83346GFF6EyuvzUSt C/YFMv1LVC+8eAKqOswZLCiUDHetXTRZOQcwQdQW5WxfrHghtsK3x1DmCglSPuHi KM4t+19DoU0iOvYMiVw6O7pgW02OfhDIRJiZFamtmKN8C60LfrHLDFgxTN84gCJM OpuH9B1ed3QL5/eLrGjFDvCUCYThV0MH3hHP0x56ATzy4AtOe+YfsX4Wpa1MOjkd RPILAxopwi2s1Nk6dLoxKyRWL+UbBQeSRAmHdlBjg/4+pSa2XUF71UUe3xbaRDV+ id+mGyLmgCfJ+Hm7JOv8zuQt/qG7Z9DGtpEx3QeHtfRK5UqhyCrMML0TbooosBK5 uK88Lge4fcnKb5cUzBfTkdvMIYkNE/oc6h6VHG6mrxfEfwt+gVolbbJapAsGkspv EtusvKzicO3YhdLIj549xip59oMcnlNNkT+ZtmLSPf9KCHumwiI98Z4elmNrvOhj dIUyt2pXK33oisM7yioH0VX4PHEAcvm+QqAfMZ35AzG3Whm8LdgTMvpfjNsMgKU2 sY3IdKnR8fb7wcgumZmGWA9jLbdQgjmmoezAwQgveB4CUVyTRR3X6BUX7M2LmI0d NW6XFzuKycWj7LQu0iX1IeDlokHVp4cdGdUxsIID+J2hbkRLwvM= =HOOQ -----END PGP SIGNATURE-----