Ubuntu alert USN-7812-1 (imagemagick)
| From: | noreply+usn-bot@canonical.com | |
| To: | ubuntu-security-announce@lists.ubuntu.com | |
| Subject: | [USN-7812-1] ImageMagick vulnerabilities | |
| Date: | Thu, 09 Oct 2025 12:25:23 +0000 | |
| Message-ID: | <E1v6phz-0008Ot-FT@lists.ubuntu.com> |
========================================================================== Ubuntu Security Notice USN-7812-1 October 08, 2025 imagemagick vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS Summary: Several security issues were fixed in ImageMagick. Software Description: - imagemagick: Image manipulation programs and library Details: Woojin Park, Hojun Lee, Yougin Won and Siyeon Han discovered that ImageMagick did not properly sanitize image file names. An attacker could possibly use this issue to cause a denial of service, obtain sensitive information, or execute arbitrary code. (CVE-2025-55298) Lumina Mescuwa discovered that ImageMagick did not properly handle memory when encoding BMP images. An attacker could possibly use this issue to cause ImageMagick to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2025-57803) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 24.04 LTS imagemagick-6.q16 8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm3 Available with Ubuntu Pro imagemagick-6.q16hdri 8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm3 Available with Ubuntu Pro libimage-magick-q16-perl 8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm3 Available with Ubuntu Pro libimage-magick-q16hdri-perl 8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm3 Available with Ubuntu Pro libmagick++-6.q16-9t64 8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm3 Available with Ubuntu Pro libmagick++-6.q16hdri-9t64 8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm3 Available with Ubuntu Pro libmagickcore-6.q16-7-extra 8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm3 Available with Ubuntu Pro libmagickcore-6.q16-7t64 8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm3 Available with Ubuntu Pro libmagickcore-6.q16hdri-7-extra 8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm3 Available with Ubuntu Pro libmagickcore-6.q16hdri-7t64 8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm3 Available with Ubuntu Pro libmagickwand-6.q16-7t64 8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm3 Available with Ubuntu Pro libmagickwand-6.q16hdri-7t64 8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm3 Available with Ubuntu Pro Ubuntu 22.04 LTS imagemagick-6.q16 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5+esm4 Available with Ubuntu Pro imagemagick-6.q16hdri 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5+esm4 Available with Ubuntu Pro libimage-magick-q16-perl 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5+esm4 Available with Ubuntu Pro libimage-magick-q16hdri-perl 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5+esm4 Available with Ubuntu Pro libmagick++-6.q16-8 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5+esm4 Available with Ubuntu Pro libmagick++-6.q16hdri-8 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5+esm4 Available with Ubuntu Pro libmagickcore-6.q16-6 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5+esm4 Available with Ubuntu Pro libmagickcore-6.q16-6-extra 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5+esm4 Available with Ubuntu Pro libmagickcore-6.q16hdri-6 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5+esm4 Available with Ubuntu Pro libmagickcore-6.q16hdri-6-extra 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5+esm4 Available with Ubuntu Pro libmagickwand-6.q16-6 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5+esm4 Available with Ubuntu Pro libmagickwand-6.q16hdri-6 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5+esm4 Available with Ubuntu Pro Ubuntu 20.04 LTS libimage-magick-q16-perl 8:6.9.10.23+dfsg-2.1ubuntu11.11+esm4 Available with Ubuntu Pro libimage-magick-q16hdri-perl 8:6.9.10.23+dfsg-2.1ubuntu11.11+esm4 Available with Ubuntu Pro libmagickcore-6.q16-6 8:6.9.10.23+dfsg-2.1ubuntu11.11+esm4 Available with Ubuntu Pro libmagickcore-6.q16hdri-6 8:6.9.10.23+dfsg-2.1ubuntu11.11+esm4 Available with Ubuntu Pro Ubuntu 18.04 LTS imagemagick-6.q16 8:6.9.7.4+dfsg-16ubuntu6.15+esm6 Available with Ubuntu Pro imagemagick-6.q16hdri 8:6.9.7.4+dfsg-16ubuntu6.15+esm6 Available with Ubuntu Pro libimage-magick-q16-perl 8:6.9.7.4+dfsg-16ubuntu6.15+esm6 Available with Ubuntu Pro libimage-magick-q16hdri-perl 8:6.9.7.4+dfsg-16ubuntu6.15+esm6 Available with Ubuntu Pro libmagick++-6.q16-7 8:6.9.7.4+dfsg-16ubuntu6.15+esm6 Available with Ubuntu Pro libmagick++-6.q16hdri-7 8:6.9.7.4+dfsg-16ubuntu6.15+esm6 Available with Ubuntu Pro libmagickcore-6.q16-3 8:6.9.7.4+dfsg-16ubuntu6.15+esm6 Available with Ubuntu Pro libmagickcore-6.q16-3-extra 8:6.9.7.4+dfsg-16ubuntu6.15+esm6 Available with Ubuntu Pro libmagickcore-6.q16hdri-3 8:6.9.7.4+dfsg-16ubuntu6.15+esm6 Available with Ubuntu Pro libmagickcore-6.q16hdri-3-extra 8:6.9.7.4+dfsg-16ubuntu6.15+esm6 Available with Ubuntu Pro libmagickwand-6.q16-3 8:6.9.7.4+dfsg-16ubuntu6.15+esm6 Available with Ubuntu Pro libmagickwand-6.q16hdri-3 8:6.9.7.4+dfsg-16ubuntu6.15+esm6 Available with Ubuntu Pro Ubuntu 16.04 LTS imagemagick-6.q16 8:6.8.9.9-7ubuntu5.16+esm14 Available with Ubuntu Pro libimage-magick-q16-perl 8:6.8.9.9-7ubuntu5.16+esm14 Available with Ubuntu Pro libmagick++-6.q16-5v5 8:6.8.9.9-7ubuntu5.16+esm14 Available with Ubuntu Pro libmagickcore-6.q16-2 8:6.8.9.9-7ubuntu5.16+esm14 Available with Ubuntu Pro libmagickcore-6.q16-2-extra 8:6.8.9.9-7ubuntu5.16+esm14 Available with Ubuntu Pro libmagickwand-6.q16-2 8:6.8.9.9-7ubuntu5.16+esm14 Available with Ubuntu Pro Ubuntu 14.04 LTS imagemagick 8:6.7.7.10-6ubuntu3.13+esm15 Available with Ubuntu Pro imagemagick-common 8:6.7.7.10-6ubuntu3.13+esm15 Available with Ubuntu Pro libmagick++5 8:6.7.7.10-6ubuntu3.13+esm15 Available with Ubuntu Pro libmagickcore5 8:6.7.7.10-6ubuntu3.13+esm15 Available with Ubuntu Pro libmagickcore5-extra 8:6.7.7.10-6ubuntu3.13+esm15 Available with Ubuntu Pro libmagickwand5 8:6.7.7.10-6ubuntu3.13+esm15 Available with Ubuntu Pro perlmagick 8:6.7.7.10-6ubuntu3.13+esm15 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-7812-1 CVE-2025-55298, CVE-2025-57803
Attachment: signature.asc (type=application/pgp-signature)
-----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEE+8neBLO2Hp/ppPlOcpJm3tlzhgEFAmjnmKQACgkQcpJm3tlz hgFmnBAAiIVrEqf3FXsdxeED0EWN+K82bgfzjW+PakCmh1sfhl7pGH91S6cjtlIw 46+EaCy3L5s/qpopL91/1uSO/fr7rkgJmxC2OD/Zki1LOr60z3MEQpNhkt+6/bIP T7UC1dgd2twmua/igZ8noulxGVyNtwHQIUxVP9YRs8/nbn/XKZzZygqDfy39gaRG yXeasDI8rEkx65NsyArr2bt0kF/Z9hUao1I6isKhumW4NEqh8XzGIwC9bZSLkru/ 8XYNR46o6xCvRHHF8FIo2UTtG3l9OLRNDWs7PLz/Ulk/blzOagOENmprBPt30KQw aB4og3BprQJLDP9CrB4p0+iJFu47UOHhdPuXQDeHpH4Fg0Vpv7+zmxHZK+M/v/y0 GTcQXdmAPOLVFC2jGIvuBXrggGcVmQuY7DzJio79v6dYPPhLrlAi90DhtzlYr3q0 m6lJIgQZr/YQ/SAr+ok6gR7+G4oyw1/cpKF74lmYDLjAy+I6TtrUyBtN4H74nDAq CsrPCxmtlk9mKGGyfHsCBD9Jmu0z8scF1rG8eaprxmYq75gXkhcpmXjCq9mn2yR/ HZgkMT2tHITfoKVm+oMySQP4JW0xxiNCFn3D5GApgOoSRLbMGrb5prXCX0nuT604 gxlzg/ra/J8wsB0/NHEmqTBz57LB3iVTu3YCPnhPVUN1wq4yYCk= =Y2JY -----END PGP SIGNATURE-----